COOKIES: What is better to throw in value?

T

thehighhomie2016-01-25 00:49:05

HTTP Cookies

thehighhomie, 2016-01-25 00:49:05

When creating cookies for authorization, in the lessons I see all the time that the user's password is thrown into the values. What if the password is the same for two or three users? What is the best way to create cookies?
PS: I usually set these cookies - setcookie( 'user', 'password' , 'time');

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

G

George, 2016-01-25
@BATC0H

It is not safe to store a password in cookies: they are stored and transmitted in the clear, they are easy to forge or steal.
Usually we put in cookies we put some unique for each visitor, but random nonsense, an identifier. For example, a string like "9ebca8bd62c830d3e79272b4f585ff8f". And somewhere on the server we store (and check when requested) the correspondence of this string and a specific user.
In general, to resolve this issue, it is better to read and study the information about the session. They work approximately as I described above, but the code comes out simpler and clearer.