Re: is it safe to store a cookie user id as a login for my site

monomaniac21 schrieb:
hi

i have a php site which allows users to save a cookie on their
computer which stores their user id details and allows them to auto-
login.

i'm wondering whether this is safe, is it possible for a malicious
user to find that cookie and change its value and therefore auto-login
as someone else? and if so how can this be prevented?

thanks

marc

You could store one half of the user's password hash in the cookie. When he come back, you compare it to the hash in the db. Works for me :-)
.

Relevant Pages

  • Re: is it safe to store a cookie user id as a login for my site
    ... computer which stores their user id details and allows them to auto- ... login. ... i'm wondering whether this is safe, is it possible for a malicious ... user to find that cookie and change its value and therefore auto-login ...
    (comp.lang.php)
  • is it safe to store a cookie user id as a login for my site
    ... i have a php site which allows users to save a cookie on their ... computer which stores their user id details and allows them to auto- ... user to find that cookie and change its value and therefore auto-login ...
    (comp.lang.php)
  • Windows 98 cookie issue
    ... I have a property that stores a value to a cookie and retrieves it if the ... details are returned and when continuing stepping through the code the value ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Wanted script to email cookies
    ... Wanted script to email cookies ... stores a cookie with username and password in clear ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: "Remember my password" checkbox in OWA
    ... It will not be in a cookie, since they are plain text files on the ... hard disk. ... I don't know where IE stores it's password ...
    (microsoft.public.exchange.admin)