hashing

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
nincha
Forum Contributor
Posts: 191
Joined: Fri Mar 28, 2003 12:30 pm
Location: CA, USA

hashing

Post by nincha »

i dont get the use of hashing information for cookies and session.
If you hash say, a username and password to log into somewhere, and get an encoded string. How then would u retrieve the original info to login using that encoded string?
User avatar
harrisonad
Forum Contributor
Posts: 288
Joined: Fri Oct 15, 2004 4:58 am
Location: Philippines
Contact:

Post by harrisonad »

basically, you store the hashed user password to cookies or sessions.
When the user logs, hash the given password and compare it to the password you stored.
Last edited by harrisonad on Wed Jul 13, 2005 12:51 am, edited 1 time in total.
User avatar
delorian
Forum Contributor
Posts: 223
Joined: Sun May 04, 2003 5:20 pm
Location: Olsztyn, Poland

Post by delorian »

The answer is, you cannot. If you would like to check the user login data only thing you have to do is to check the hashes. If both are correct the login data from user is probably correct. I also believe that you should not put hashed usernames (BTW: I have never hashed the usernames :)) , passwords and other *sensitive* information in cookies. It is better to store them on the server and use a *unique* identificator which is known only to client and the server - typical session.
Post Reply