PHP setcookie() is a nice tool in many applications.
But as my headline tells, there are plenty of Cookie Editors.
Especially for the Chrome browser.
Just search 'Cookie Edit' ...

I use Cookies sometimes.
For now I always encrypt the data before putting it in a cookie.
I haven't read much about safety regarding cookies.

Am I overdoing this when encrypting
or do you think it is the right way?

I use openssl_encrypt()

    It depends on what you're putting in the cookie -- does it matter if the user can see/change it or not? If it does matter, maybe that data should stay on the server, and then you can just store/reference it in the session data (in which case they get a session ID cookie, normally); but there's no single answer that is correct for every case.

      5 days later

      I think encrypting cookies sounds like a great idea for two reasons:
      if the information is sensitive, it would protect the information from snooping
      it would make it difficult (impossible?) for visitors to your site to tamper with the cookie to try and exploit your site.

      But yes it probably depends on what information you are storing in cookies. I would not recommend storing sensitive information there if you can avoid it. A session id is probably the most sensitive thing that you should ever put in a cookie.

      You should probably configure your site so that you can turn off the cookie encryption if you want to. It would be super hard to troubleshoot any cookie-related problems with encrypted cookies.
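
Whether an encrypted cookie also resists tampering depends on the cipher mode: the value has to be authenticated, not only encrypted. As an added example (not code from any poster in this thread), here is one way to do that with openssl_encrypt() in AES-256-GCM mode; the helper names `seal_cookie` and `open_cookie`, the cookie name `prefs` and the sample value are assumptions made for the illustration.

```php
<?php
// Added example: hypothetical helpers, not code from the thread.
const COOKIE_CIPHER = 'aes-256-gcm';

// Encrypt and authenticate a cookie value. The cookie name is bound in as
// additional authenticated data (AAD), so a sealed value copied into a
// differently named cookie fails verification.
function seal_cookie(string $name, string $value, string $key): string
{
    $iv  = random_bytes(12);   // fresh 96-bit nonce for every cookie write
    $tag = '';
    $ct  = openssl_encrypt($value, COOKIE_CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $name, 16);
    if ($ct === false) {
        throw new RuntimeException('cookie encryption failed');
    }
    return base64_encode($iv . $tag . $ct);
}

// Returns the plaintext, or null when the cookie is malformed or was modified.
function open_cookie(string $name, string $cookie, string $key): ?string
{
    $raw = base64_decode($cookie, true);
    if ($raw === false || strlen($raw) < 28) {   // 12-byte IV + 16-byte tag
        return null;
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = substr($raw, 28);
    $pt  = openssl_decrypt($ct, COOKIE_CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $name);
    return $pt === false ? null : $pt;
}

// Constructed demo: in a real application the 32-byte key is loaded from
// server-side configuration, never generated per request.
$key    = random_bytes(32);
$sealed = seal_cookie('prefs', '{"theme":"dark"}', $key);
var_dump(open_cookie('prefs', $sealed, $key));   // untouched cookie

// Change one bit of the stored value, as a browser cookie editor allows.
$raw = base64_decode($sealed);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 1);
var_dump(open_cookie('prefs', base64_encode($raw), $key));   // edited cookie
var_dump(open_cookie('other', $sealed, $key));   // same value under another name
```

Treat a null from `open_cookie` like a missing cookie and fall back to defaults rather than reporting the decryption failure to the client.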
