HTTP Cookies
FASis, 2018-06-16 13:00:26

How to protect cookies?

It is necessary to create 2 types of cookies (lifetime 0 seconds and 30 days); there are no problems with this.

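// "Remember me" not checked: session cookie that expires when the browser closes
if (($_POST['remember'] ?? '') === '') {
    setcookie('user', $user);
} else {
    // "Remember me" checked: persistent cookie, 30 days, valid for the whole site
    setcookie('user', $user, time() + 86400 * 30, '/');
}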

But now the question arises: how to protect cookies from forgery? I do not care about their transfer, but the main thing is that they cannot be faked. What are the options and technologies? These cookies should allow a person to enter the control panel, so the question arises: what to store in them for identification, and how can they be protected from forgery?


3 answer(s)
Sergey Sokolov, 2018-06-16
@FASis

Store user_id and, of course, encrypt.

Konstantin Malyarov, 2018-06-16
@Konstantin18ko

javascript.ru/unsorted/id
There are a lot of types of user identification with all kinds of protection.

Stalker_RED, 2018-06-16
@Stalker_RED

Read what cookies are, how they work and WHAT THEY ARE FOR.
At least on Wikipedia, at least in any textbook (1, 2, 3).
You are now facing problems because you are trying to misuse this tool.
Just like in the joke about "driving a screw with a hammer is easier than tightening a nail with a screwdriver."
It would be better to write this $user of yours to the session, and not to cookies. If the session is not applicable for some reason, JWT can be applied (but this is more difficult for a beginner).
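
An added example, not part of any answer above: one way to make a cookie value tamper-evident is to store the user id and an expiry time together with an HMAC over both, which is the same idea a signed JWT relies on. The names `SECRET_KEY`, `make_auth_cookie`, `verify_auth_cookie` and the cookie name `auth` are assumptions made for this sketch, and the key shown is a placeholder.

```php
<?php
// Assumption: a long random secret kept only on the server (placeholder value).
const SECRET_KEY = 'replace-with-output-of-random_bytes-32';

// Build "userId|expiry|mac"; the MAC covers both fields, so neither can be changed.
function make_auth_cookie(int $userId, int $ttl): string
{
    $payload = $userId . '|' . (time() + $ttl);
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Return the user id if the value is authentic and unexpired, otherwise null.
function verify_auth_cookie(string $cookie): ?int
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;                                  // malformed value
    }
    [$userId, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $userId . '|' . $expiry, SECRET_KEY);
    if (!hash_equals($expected, $mac)) {              // constant-time comparison
        return null;                                  // forged or modified
    }
    if (!ctype_digit($userId) || !ctype_digit($expiry) || (int)$expiry < time()) {
        return null;                                  // bad fields or expired
    }
    return (int)$userId;
}

// Constructed demo values; runs from the CLI without a browser.
$cookie = make_auth_cookie(42, 86400 * 30);
var_dump(verify_auth_cookie($cookie));                // untouched value

// The id is changed from 42 to 1 but the MAC is left as it was, so the check fails.
$tampered = preg_replace('/^42\|/', '1|', $cookie);
var_dump(verify_auth_cookie($tampered));

// When sending the cookie, restrict it as well (array form needs PHP 7.3+):
// setcookie('auth', $cookie, ['expires' => time() + 86400 * 30, 'path' => '/',
//     'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
```

A signed value gives integrity, not secrecy, and it cannot be revoked before its expiry without server-side state, which is what the session approach recommended above provides.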
