Cookie + auto login
Posted: Wed Jun 13, 2007 11:13 am
Hi
I'm developing a website for a friend of mine who runs their own company.
On this website, users can register and buy products etc.
A while ago, I added an "automatic login" feature that saves the user-id
in a cookie, along with an md5-password (generated each time the cookie
is updated, and also saved into the user-column in the database).
Then, when the site is entered, I check if there is a user-id and if there is
one, I compare the password in the cookie with the password in the database.
Now I wonder:
1. Is it possible to edit a cookie?
2. Can a cookie be copied from one computer to another and still be valid?
3. Is my way of storing user-id + password "secure"? Maybe the user-id should be encrypted?
Thanks in advance.
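For the scheme described in the post, an added example (not part of the original post or the site's code) of a server-side check that treats the cookie as untrusted input: the cookie carries the user-id and a random token, the database keeps only a hash of that token, and every successful auto login replaces it, so an edited cookie fails and a copied value stops working after the next auto login. The `TOKENS` dictionary standing in for the user table, the function names and the 30-day lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 30 * 24 * 3600  # assumed lifetime of a remembered login: 30 days

# Stand-in for the user table: user_id -> (sha256 of token, expiry timestamp)
TOKENS = {}


def issue_token(user_id, now=None):
    """Create a fresh random token, store only its hash, return the cookie value."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    digest = hashlib.sha256(token.encode()).hexdigest()
    TOKENS[user_id] = (digest, now + TOKEN_TTL)
    return f"{user_id}:{token}"


def check_cookie(cookie, now=None):
    """Return (user_id, replacement_cookie) if the cookie is valid, else (None, None)."""
    now = time.time() if now is None else now
    user_id, sep, token = cookie.partition(":")
    record = TOKENS.get(user_id)
    if not sep or record is None:
        return None, None
    stored_digest, expiry = record
    presented = hashlib.sha256(token.encode()).hexdigest()
    # Constant-time comparison; the user-id alone never authenticates anyone.
    if now > expiry or not hmac.compare_digest(presented, stored_digest):
        return None, None
    # Rotate on every use: the value just presented is no longer accepted.
    return user_id, issue_token(user_id, now)


def revoke(user_id):
    """Drop the remembered login, e.g. on logout or password change."""
    TOKENS.pop(user_id, None)
```

Send the returned cookie value with the `Secure` and `HttpOnly` attributes over HTTPS only.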