Mid-Atlantic Developer Conference - Call for Speakers


Please answer this simple SPAM challenge: nine plus zero?
(Example: nine)

The Note You're Voting On

myfirstname at braincell dot cx
14 years ago
[Editor's note: Wilson's comment has been deleted since it didn't contain much useful information, but this note is preserved although its reference is lost]

Just a general comment on Wilton's code snippet: It's generally considered very bad practice to store usernames and/or passwords in cookies, whether or not they're obsfucated.  Many spyware programs make a point of stealing cookie contents.

A much better solution would be to either use the PHP built in session handler or create something similar using your own cookie-based session ID.  This session ID could be tied to the source IP address or can be timed out as required but since the ID can be expired separately from the authentication criteria the authentication itself is not compromised.

Stuart Livings

<< Back to user notes page

To Top