On my website, upon signing in, my customer's username gets stored in a cookie which expires in 15 days, and whenever he comes back to my site, I added PHP code that checks 1) do they still have the cookie, 2) is the username from there valid. I also did the same thing with the hashed password, but I was told it is dangerous and that I should remove the one with the password. Now, anybody can just change the value of the cookie to another username. What is the safe way to solve this? What should I add / remove? Is storing the hashed password dangerous after all? Any help will be hugely appreciated.
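The scheme described in the question, next to a random-token "remember me" cookie that holds neither the username nor anything derived from the password. This is an added example, not the poster's code; the function names, the `remember` cookie name and the in-memory `$store` array (standing in for a database table) are assumptions.

```php
<?php
// Added example. $store is a stand-in for a DB table: selector => row (hypothetical schema).
const REMEMBER_TTL = 15 * 24 * 3600; // 15 days, as in the post

// The scheme from the post: the cookie value itself is trusted as the identity.
function login_from_username_cookie(array $cookies, array $validUsers): ?string {
    $u = $cookies['username'] ?? null;
    return ($u !== null && in_array($u, $validUsers, true)) ? $u : null;
}

// Hardened: the cookie carries a random selector and token; the server keeps only a hash.
// Send the value with setcookie() using 'secure', 'httponly' and 'samesite' options.
function issue_remember_token(array &$store, string $username, int $now): string {
    $selector = bin2hex(random_bytes(9));   // lookup key, not secret
    $token    = bin2hex(random_bytes(32));  // secret, never stored in clear
    $store[$selector] = [
        'username'   => $username,
        'token_hash' => hash('sha256', $token),
        'expires'    => $now + REMEMBER_TTL,
    ];
    return $selector . ':' . $token;
}

function login_from_remember_token(array &$store, array $cookies, int $now): ?string {
    $parts = explode(':', $cookies['remember'] ?? '', 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    [$selector, $token] = $parts;
    $row = $store[$selector];
    unset($store[$selector]); // single use: the row is consumed whether or not the token matches
    if ($row['expires'] < $now || !hash_equals($row['token_hash'], hash('sha256', $token))) {
        return null;
    }
    return $row['username']; // caller then issues a fresh token and sets the new cookie
}

// Constructed demo data
$users  = ['alice', 'bob'];
$store  = [];
$now    = time();
$cookie = issue_remember_token($store, 'alice', $now);

var_dump(login_from_username_cookie(['username' => 'bob'], $users));       // cookie edited to another username
var_dump(login_from_remember_token($store, ['remember' => 'bob'], $now));   // same edit against the token scheme
var_dump(login_from_remember_token($store, ['remember' => $cookie], $now)); // genuine cookie
var_dump(login_from_remember_token($store, ['remember' => $cookie], $now)); // same cookie presented again
```

Because only the SHA-256 of the token is stored, a leaked table does not yield usable cookies, and deleting a user's rows revokes every remembered device.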