Viewed   116 times

is there a safe way of storing passwords in cookies in php?

or is it not recomended?




This is not recommended...

... even if encrypted. Storing this information on a client machine gives them the opportunity to compare cookies in the hopes of decrypting. Worse they could sniff a cookie from someone else and then masquerade as that user!

What is recommended is having the user login through a secure connection and sending a session cookie in response. The session cookie contains a session id which PHP will automatically map to a session file on the server. You can then store a user id in the session. After a short time, the session should be expired.

Sessions are automatically managed by PHP and you should take advantage of it.

Here's a tutorial on how to use PHP sessions.

Sunday, August 7, 2022

One more cautious way of extracting all input fields at once is:

extract( $_POST, EXTR_OVERWRITE, "form_" );

This way all your input variables will be called $form_foo and $form_bar at least. Avoid doing that in the global scope - not because global is evil, but because nobody ever cleans up there.

However, since mostly you do that in a localized scope, you can as well apply htmlentities if for example you need all fields just for output:

extract(array_map("htmlspecialchars", $_POST), EXTR_OVERWRITE, "form_");
Wednesday, October 12, 2022

Try using setcookie with a a path specified, this used to catch me out, as it assumes the current path by default. Using / will make the cookie work for the whole domain

setcookie("Username", $username, time()+3600*24*30, '/');
Friday, November 4, 2022
$cookie_name = "test";
$cookie_value = "123";
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day

You need to write your php code like this

You can use this script If u can want particular cookie

function getCookie(cname) {
    var name = cname + "=";
    var ca = document.cookie.split(';');
    for(var i=0; i<ca.length; i++) {
        var c = ca[i];
        while (c.charAt(0)==' ') c = c.substring(1);
        if (c.indexOf(name) == 0) return c.substring(name.length,c.length);
    return "";

Monday, December 5, 2022

in_array() is what I use

if (in_array($variable, array('one','two','three'))) {
Tuesday, August 30, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :