Site Owners Forums - Webmaster Forums - View Single Post

mjvndhsb · 10-28-2011, 09:22 PM

I've been starting to learn how to use cookies, and the example script I've been using checks the username and password against the database, but only set the username in the cookie. Couldn't somebody just go in and change the cookie to anybodies' username? Or am I wrong on that? So would the solution be to add their password into the cookie too? Or does that have risks I havent noticed?

I'm not looking for hacker-proof just yet, I don't want it to be as easy as just changing the username in the cookie.

10-28-2011, 09:22 PM	#1
mjvndhsb Registered User Join Date: Jul 2011 Posts: 177	Putting password in the cookie? I've been starting to learn how to use cookies, and the example script I've been using checks the username and password against the database, but only set the username in the cookie. Couldn't somebody just go in and change the cookie to anybodies' username? Or am I wrong on that? So would the solution be to add their password into the cookie too? Or does that have risks I havent noticed? I'm not looking for hacker-proof just yet, I don't want it to be as easy as just changing the username in the cookie. __________________ *To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.* *To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.*