Code: Select all
setcookie("user_id", $user, time()+3600);What are the security vulnerabilities here? Usually in cookie security discussions, people go into depth about XSS, but what about a user trying to log in as a different user? Can't that cookie be fabricated?