Login & Cookie Security
#2

jedd
georgerobbo wrote:
Of course you should have all passwords in your database encrypted.

Why?

Quote:However is it possible to intercept the password or any data from a form before it is encrypted by the server?

Yes.

Do you mean 'how', or 'how do I reduce the chance of this happening'?

Quote:Secondly when setting a cookie after a user has logged in should you do:

a cookie with a value set to true to say they are logged in

or a cookie containing a username and another containing their encrypted password / or a specific session ID?

Assuming no complex ACLs are in play - that you simply want to be able to identify, via session data, if a user is logged in or not - then I just use a single session variable of 'username'. I clear that on user logout.
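
A sketch of the approach described in the post above, added here as an example and not code from the thread: the cookie carries only a random session ID, the 'username' session variable lives on the server, and logout clears it. The function names, the in-memory `SESSIONS` store and the sample credentials are assumptions made for illustration.

```python
import secrets

# Server-side session store: session ID -> session data (in-memory, hypothetical).
SESSIONS = {}

def check_credentials(username, password):
    # Constructed sample account; a real application verifies a stored password hash.
    return (username, password) == ("alice", "correct horse")

def login(username, password):
    """Return a Set-Cookie value carrying only a random session ID, or None."""
    if not check_credentials(username, password):
        return None
    sid = secrets.token_urlsafe(32)          # unguessable, carries no user data
    SESSIONS[sid] = {"username": username}   # login state is kept on the server
    return f"sid={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"

def parse_cookie_header(header):
    """Parse a request Cookie header into a dict of name -> value."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies

def current_user(cookie_header):
    """Return the logged-in username for this request, or None."""
    sid = parse_cookie_header(cookie_header).get("sid")
    session = SESSIONS.get(sid) if sid else None
    return session.get("username") if session else None

def logout(cookie_header):
    """Drop the session, which clears 'username' on user logout."""
    sid = parse_cookie_header(cookie_header).get("sid")
    SESSIONS.pop(sid, None)
```

Because the server only trusts what it finds in its own store, a client-supplied cookie such as `logged_in=true` or a bare username has no effect on `current_user`.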

