Storing user and pass in cookies

Anon

Hello,

how can I store the user and password in a cookie? If possible the pass should be somekind of encrypted. There should be no session timeout or any other 'decay' of the cookie, so when the user enters the site he is already logged with his cookies.

I know there's something with 'setcookie' etc, but I'm not sure how to do all this. Can you also give me some code for loading the info out of the cookie?

Thanks alot!

Anon

Check the manual for setcookie() and language.variables.predefined (predefined variables, that is).

Your cookie can be examined with HTTP_COOKIE_VARS.

For encryption, you have two choices.

Either use something like md5() or other one-way encryption and store that value on the server, take the password from the client, encrypt it, then evaluate the 2 cipher-text passwords.

Personally I don't store passwords in cookies, and instead just use some sort of ID# which looks like gibberish to anyone reading it, but my site knows what it's supposed to mean.

Also makes spoofing cookies harder.

But that should be what you needed to know, I think.

Oh, and the other way. Encrypt the password using two-way encryption (like blowfish I believe), then just unencrypt the users password on your server, then examine it.

You'll need support for mcrypt on your host to do that though.

Anon

I haven read the manual, but before this thread slips to the very bottom...:

The ID# method I think is most ideal. How is the relation of the ID to the members DB table? I mean, if I fetched the ID of the cookie, what to do/check/proof then?

Thanks.