
Is there a safe way of storing passwords in cookies in PHP?

Or is it not recommended?

Thanks

 Answers

2

This is not recommended...

... even if encrypted. Storing this information on a client machine gives them the opportunity to compare cookies in the hopes of decrypting. Worse, they could sniff a cookie from someone else and then masquerade as that user!

What is recommended is having the user log in through a secure connection and sending a session cookie in response. The session cookie contains a session id which PHP will automatically map to a session file on the server. You can then store a user id in the session. After a short time, the session should be expired.

Sessions are automatically managed by PHP and you should take advantage of it.

Here's a tutorial on how to use PHP sessions.

Sunday, August 7, 2022
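The session-based login recommended in the answer above, as an added example that is not part of the original answer. It assumes PHP 7.3 or later and HTTPS; `find_user()`, the constructed account, `IDLE_LIMIT`, and the function names are hypothetical.

```php
<?php
declare(strict_types=1);

const IDLE_LIMIT = 900; // assumed idle timeout in seconds (15 minutes)

// Hypothetical user lookup with one constructed account; a real application
// would query its user table for the id and the password_hash() output.
function find_user(string $username): ?array
{
    $users = ['alice' => ['id' => 1, 'hash' => password_hash('constructed-pw', PASSWORD_DEFAULT)]];
    return $users[$username] ?? null;
}

function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1'); // reject session ids the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,      // cookie disappears when the browser closes
        'path'     => '/',
        'secure'   => true,   // only sent over HTTPS, so it cannot be sniffed in clear text
        'httponly' => true,   // not readable through document.cookie
        'samesite' => 'Lax',
    ]);
    session_start();

    // Expire the server-side session after IDLE_LIMIT seconds without a request.
    if (isset($_SESSION['last_seen']) && time() - $_SESSION['last_seen'] > IDLE_LIMIT) {
        session_unset();
        session_regenerate_id(true);
    }
    $_SESSION['last_seen'] = time();
}

function log_in(string $username, string $password): bool
{
    $user = find_user($username);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true);         // fresh id at login prevents session fixation
    $_SESSION['user_id'] = $user['id'];  // only the user id is stored, and only server-side
    return true;
}

start_secure_session();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $ok = log_in((string) ($_POST['username'] ?? ''), (string) ($_POST['password'] ?? ''));
    http_response_code($ok ? 204 : 401);
}
```

The cookie the browser receives holds only the random session id; the password is checked once against its hash and never stored on the client.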
3

One more cautious way of extracting all input fields at once is:

extract($_POST, EXTR_PREFIX_ALL, "form"); // the prefix is only applied with an EXTR_PREFIX_* flag; PHP inserts the "_" itself

This way all your input variables will be called $form_foo and $form_bar at least. Avoid doing that in the global scope - not because global is evil, but because nobody ever cleans up there.

However, since mostly you do that in a localized scope, you can as well apply htmlentities if for example you need all fields just for output:

extract(array_map("htmlspecialchars", $_POST), EXTR_PREFIX_ALL, "form");
Wednesday, October 12, 2022
 
xo39
 
5

Try using setcookie with a path specified; this used to catch me out, as it assumes the current path by default. Using / will make the cookie work for the whole domain.

setcookie("Username", $username, time()+3600*24*30, '/');
Friday, November 4, 2022
 
buddy
 
2
<?php
$cookie_name = "test";
$cookie_value = "123";
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day
?>

You need to write your PHP code like this.

You can use this script if you want a particular cookie:

<script>
function getCookie(cname) {
    var name = cname + "=";
    var ca = document.cookie.split(';');
    for(var i=0; i<ca.length; i++) {
        var c = ca[i];
        while (c.charAt(0)==' ') c = c.substring(1);
        if (c.indexOf(name) == 0) return c.substring(name.length,c.length);
    }
    return "";
}

console.log(getCookie('test'));
</script>
Monday, December 5, 2022
 
peterh
 
3

in_array() is what I use

if (in_array($variable, array('one', 'two', 'three'), true)) { // third argument: strict comparison, no type juggling
}
Tuesday, August 30, 2022