Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
If I set cookies like this:
$_SESSION[md5('ponies'.$salt)] = $value;
so that only knowing the correct key will let you open that data, for example
$data = $_SESSION[md5('ponies'.$salt)];
and adding possibly a salt, will make my sessions data safer?
No. You’re still setting the values with a static key, so it’s pretty easy to just copy the key/value combination to a different client. You can also easily break normal MD5 hashing with rainbow tables. cookie keys are not serialized or secret, they are stored and accessible as stings in the
key=valuestyle on the client side.