Reputation: 5116
I'm working on a login system for an application, and I'm not sure what information I should store. Currently, I only store the user's ID in a session variable, and if that variable is set, it will load the user from the database with all of the required information. But I also want to have a 'remember me' option, for which I would require cookies, and I'm not sure what to store in them. If I were only to store the user ID, that would be risky, since someone could just change the ID and be a different user. My idea currently is to do this:
$array = array($user['username'], $user['pass']);
// serialize the array first, then base64-encode the resulting string
$cookie = base64_encode(serialize($array));
So if the cookie was set, I would unserialize it, and find the user with the password and username (the password itself is hashed in MD5). But I assume this isn't very secure. What should I store in the cookie to make it secure, and is there any other way?
Upvotes: 0
Views: 213
Reputation: 24549
Instead of putting the password in the cookie, you can create a hash from it and save that instead. You would also save the hash in the database, so when comparing cookies, the username and hash have to match, which avoids exposing the password.
You can create a simple hash with MD5.
Upvotes: 1
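An added example, not part of either post: one way to build the cookie-versus-database comparison discussed above, using a random token in place of a value derived from the password (a substitution made for this example). The function names, the `selector:validator` cookie layout and the in-memory `$store` standing in for a database table are all assumptions.

```php
<?php
// Added example. $store stands in for a database table (hypothetical layout):
// selector => [user_id, hash of validator, expiry timestamp].

function issueRememberToken(array &$store, int $userId, int $ttl = 1209600): string
{
    $selector  = bin2hex(random_bytes(9));   // public lookup key
    $validator = bin2hex(random_bytes(32));  // secret, sent only to the browser
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator), // server keeps only the hash
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;     // value to place in the cookie
}

function checkRememberToken(array &$store, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                         // malformed cookie or unknown selector
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]);                // single use: the row is consumed either way
    if ($row['expires'] < time()) {
        return null;                         // token too old
    }
    // hash_equals compares in constant time, so the check leaks no timing signal
    $ok = hash_equals($row['hash'], hash('sha256', $validator));
    return $ok ? $row['user_id'] : null;
}

// Constructed demo data: user id 42, empty token table.
$store  = [];
$cookie = issueRememberToken($store, 42);
// In the application the value would be sent with something like:
// setcookie('remember', $cookie, ['expires' => time() + 1209600,
//     'httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
var_dump(checkRememberToken($store, $cookie));        // first use of a valid cookie
var_dump(checkRememberToken($store, $cookie));        // same cookie replayed
$cookie2 = issueRememberToken($store, 42);
var_dump(checkRememberToken($store, $cookie2 . 'x')); // tampered validator
```

After a successful check the caller would start the session for the returned user ID and issue a fresh token, so a copied cookie stops working once the legitimate browser has used it.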