Page 1 of 1
hashing
Posted: Wed Jul 13, 2005 12:15 am
by nincha
i dont get the use of hashing information for cookies and session.
If you hash say, a username and password to log into somewhere, and get an encoded string. How then would u retrieve the original info to login using that encoded string?
Posted: Wed Jul 13, 2005 12:39 am
by harrisonad
basically, you store the hashed user password to cookies or sessions.
When the user logs, hash the given password and compare it to the password you stored.
Posted: Wed Jul 13, 2005 12:47 am
by delorian
The answer is, you cannot. If you would like to check the user login data only thing you have to do is to check the hashes. If both are correct the login data from user is probably correct. I also believe that you should not put hashed usernames (BTW: I have never hashed the usernames

) , passwords and other *sensitive* information in cookies. It is better to store them on the server and use a *unique* identificator which is known only to client and the server - typical session.