Is storing username & password of the user in a cookie a good practice? I really want to know how big websites like Facebook, Digg and Twitter handle this. My code is like this:
<?php
$username = mysql_real_escape_string($_POST['username']);
$password = md5($_POST['password']);
?>
After every successful login I store the $username and the $password (md5) in a cookie, and regenerate the session id with session_regenerate_id().
To authenticate the user I check if a login session exists; otherwise I authenticate the cookies.
Any ideas? Thanks
I’m a bit confused – are you using PHP sessions, or cookies?
If you store the data in a session ($_SESSION['username'] = 'Tom' etc.), that data is not stored in the user cookie.
If you store the data in a separate cookie (for something like automatic login), you might want to store a different, random id instead, and look up the user id in a database table.
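The random-id approach suggested in the answer above, as an added example that is not part of the original thread: the cookie carries only a random token, and the server maps a hash of it to the user id in a table. The table, column and function names are hypothetical, and it assumes PHP 7.3+ with the pdo_sqlite extension so it can run against an in-memory database.

```php
<?php
// Added example (not from the original thread). Table, column and function
// names are hypothetical; assumes PHP 7.3+ with the pdo_sqlite extension.

function issueRememberToken(PDO $db, int $userId, int $ttl = 1209600): string
{
    $token = bin2hex(random_bytes(32));   // 256-bit random value, carries no user data
    $stmt = $db->prepare(
        'INSERT INTO remember_tokens (token_hash, user_id, expires_at) VALUES (?, ?, ?)'
    );
    // Only a hash is stored, so a leaked table cannot be replayed as cookies.
    $stmt->execute([hash('sha256', $token), $userId, time() + $ttl]);
    return $token;                        // the caller places this in the cookie
}

function userIdFromRememberToken(PDO $db, string $token): ?int
{
    $hash = hash('sha256', $token);
    $stmt = $db->prepare(
        'SELECT user_id FROM remember_tokens WHERE token_hash = ? AND expires_at > ?'
    );
    $stmt->execute([$hash, time()]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        return null;                      // unknown or expired token
    }
    // Single use: delete the token; the caller issues a fresh one after login.
    $db->prepare('DELETE FROM remember_tokens WHERE token_hash = ?')->execute([$hash]);
    return (int) $userId;
}

// Constructed demo using an in-memory database and a made-up user id.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_tokens
           (token_hash TEXT PRIMARY KEY, user_id INTEGER, expires_at INTEGER)');

$token = issueRememberToken($db, 42);
// In a web request the token would be sent with restrictive cookie flags:
// setcookie('remember', $token, ['expires' => time() + 1209600, 'path' => '/',
//     'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);

var_dump(userIdFromRememberToken($db, $token));    // first presentation of the token
var_dump(userIdFromRememberToken($db, $token));    // same token presented again
var_dump(userIdFromRememberToken($db, 'guessed')); // value that was never issued
```

Unlike a cookie holding the username and an MD5 of the password, a stolen token here reveals nothing about the password and can be revoked by deleting its row.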