By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,722 Members | 1,227 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,722 IT Pros & Developers. It's quick & easy.

cookies and secure authentication

P: n/a

The ISP I am using uses PHP 4.1.2 which does not seem to support $_SESSION
variables (i.e. it seems they are broken). So I am doing cookie based
authentication as follows: I set a cookie with the user's username
to keep track of the user. But this is bad because the user can
simply change the cookie from their web browser and set the
name of another user and thus change that other user's data
this way. That's not good, and not secure. People already
hacked my site, and I've had no more than 1,000 visitors.

Luckyly, I back my database quite often. ;-) :O)

What I plan to do, is send the user another encrypted
cookie. However I do not want to just hide the function that encrypts
from the user. I want to use a public function and a private
encryption key on my file system. And I need to implement it
in PHP. What's the best quick and easy but secure way?


Jul 17 '05 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.