Cookie + auto login

PhpMachine
Forum Commoner
Posts: 42
Joined: Thu Apr 19, 2007 11:26 am

Post by PhpMachine »

Hi

I'm developing a website for a friend of mine who runs his own company.
On this website, users can register and buy products etc.

A while ago, I added an "automatic login" feature that saves the user-id
in a cookie, along with an md5-password (generated each time the cookie
is updated, and also saved into the user-column in the database).

Then, when the site is entered, I check if there is a user-id and if there is
one, I compare the password in the cookie with the password in the database.

Now I wonder:
1. Is it possible to edit a cookie?
2. Can a cookie be copied from one computer to another and still be valid?
3. Is my way of storing user-id + password "secure"? Maybe the user-id should be encrypted?

Thanks in advance.
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

Well, when people decide to use automatic features such as that, they put themselves at risk for convenience. Anyone who were to access their cookies could, indeed, copy their contents. Just ensure that the automatic login is their decision, not a default.
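
Added example, not part of either post in this thread: one way to handle the auto-login cookie described in the question, assuming a random per-login token in place of the md5 value. The `$db` array is a constructed stand-in for the user table, and all function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the users table: user id => SHA-256 of the current token.
$db = [42 => null];

// Issue a fresh random token. Only its hash is stored server-side, so a
// leaked table does not hand out working cookies.
function issueToken(array &$db, int $userId): string
{
    $token = bin2hex(random_bytes(32));
    $db[$userId] = hash('sha256', $token);
    return $userId . ':' . $token; // value to place in the cookie
}

// Validate a cookie value. The client can edit every byte of it, so both
// the id and the token are treated as untrusted input.
function checkToken(array $db, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null;
    }
    $stored = $db[(int) $parts[0]] ?? null;
    // hash_equals() compares in constant time.
    if ($stored === null || !hash_equals($stored, hash('sha256', $parts[1]))) {
        return null;
    }
    return (int) $parts[0];
}

// In a web request, send the cookie over HTTPS only and keep it away from scripts.
function sendCookie(string $value): void
{
    setcookie('remember', $value, [
        'expires' => time() + 30 * 86400, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

$cookie = issueToken($db, 42);
var_dump(checkToken($db, $cookie));                           // cookie as issued
var_dump(checkToken($db, '43:' . explode(':', $cookie)[1]));  // user id edited by the client
issueToken($db, 42);                                          // rotation on the next login
var_dump(checkToken($db, $cookie));                           // copy of the old cookie
```

A copied cookie stays usable until the stored hash changes, so rotating the token on each login and clearing it on logout or password change limits how long a copy works.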