Hi all! I'd like to use cookies in sessions on my backend to eliminate the possibility of "session hijacking," but I'm a bit concerned about cookie security. If you set a cookie to last until the browser session is ended, what happens to the cookie if the system/browser crashes? Can I trust every browser to check for old cookies on startup and eliminate them? And still, even if I can, wouldn't the cookie be intact to read on the hard drive until the browser is started again? I was thinking about slicing the username and password strings in two, and storing the halves in cookies and server sessions respectively, e.g.:
Username = Admin -> Cookieusername = Ad, Sessionusername = min
Password = Secret -> Cookiepassword = Sec, Sessionpassword = ret

...and then do database connections with <cookie+session>...

Any thoughts on this approach? Good idea or bad idea?

TIA,
Daniel

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
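
For comparison with the split-credential idea in the message above, an added example (not part of the original post) in which the cookie carries only PHP's random session id and the server enforces expiry itself, so a cookie left on disk after a crash contains no part of the username or password. It assumes PHP 7.3 or later, HTTPS, and a password hash created with password_hash(); IDLE_LIMIT, start_secure_session(), login() and current_user() are hypothetical names.

```php
<?php
// Added example, not code from the original post.
// Assumptions: PHP >= 7.3, site served over HTTPS, hashes made with password_hash().

const IDLE_LIMIT = 900; // assumed value: seconds of inactivity before the server drops the session

function start_secure_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,      // browser-session cookie, no expiry date written
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();

    // Server-side expiry: a cookie that survives a browser or system crash
    // stops being accepted once the idle limit has passed, regardless of
    // whether the browser cleans it up on restart.
    $last = $_SESSION['last_seen'] ?? null;
    if ($last !== null && time() - $last > IDLE_LIMIT) {
        $_SESSION = [];
        session_regenerate_id(true); // new id, old session data deleted
    }
    $_SESSION['last_seen'] = time();
}

function login(string $username, string $password, string $storedHash): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);    // fresh id after authentication
    $_SESSION['user'] = $username;  // identity is kept on the server only
    return true;
}

function current_user(): ?string
{
    // Null means not logged in, or the session expired on the server.
    return $_SESSION['user'] ?? null;
}
```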