i dont get the use of hashing information for cookies and session.
If you hash say, a username and password to log into somewhere, and get an encoded string. How then would u retrieve the original info to login using that encoded string?
hashing
Moderator: General Moderators
- harrisonad
- Forum Contributor
- Posts: 288
- Joined: Fri Oct 15, 2004 4:58 am
- Location: Philippines
- Contact:
basically, you store the hashed user password to cookies or sessions.
When the user logs, hash the given password and compare it to the password you stored.
When the user logs, hash the given password and compare it to the password you stored.
Last edited by harrisonad on Wed Jul 13, 2005 12:51 am, edited 1 time in total.
The answer is, you cannot. If you would like to check the user login data only thing you have to do is to check the hashes. If both are correct the login data from user is probably correct. I also believe that you should not put hashed usernames (BTW: I have never hashed the usernames
) , passwords and other *sensitive* information in cookies. It is better to store them on the server and use a *unique* identificator which is known only to client and the server - typical session.