cookies and their content
Posted: Fri Mar 26, 2004 7:57 am
what would be the most secure:
1. set a customer cookie with only a MD5 string, which i then compare with the entry in our database
2. set a customer cookie with a MD5 string + his registered emailaddress (those two serialized()), which i then runs through our database for a match.
Or are both methods exactly the same, security wise? (the MD5 is not the user pwd, that's processed seperately)
1. set a customer cookie with only a MD5 string, which i then compare with the entry in our database
2. set a customer cookie with a MD5 string + his registered emailaddress (those two serialized()), which i then runs through our database for a match.
Or are both methods exactly the same, security wise? (the MD5 is not the user pwd, that's processed seperately)