The short answer is that if you're worried about security, don't store a uid
and pwd in a cookie on the client... banks don't do it, for example.

It's also common for the uid to be remembered, but not the pwd.

From what I can see happening on the "big sites", you give the user the
option to be remembered or not, and you advise them against it if they're on
a shared/public computer, or even remotely care about security and privacy.

Handling log-ins and cookie sending under SSL would also help.


Justin


on 31/05/03 4:29 PM, Monty ([EMAIL PROTECTED]) wrote:

> I see some posts here that say storing a username or encrypted password in a
> cookie is not secure. If so, then what's a more secure way to allow users to
> be "remembered" using a cookie so that they don't have to log in every time
> they come to the site? What do you store in the cookie to authenticate
> against?
> 
> Monty
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
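
What the reply describes (remember the uid but not the pwd, only when the user opts in, with the cookie sent under SSL) could look like this in PHP. This is an added example, not part of the original message; the cookie name, form field names, username pattern and 30-day lifetime are assumptions.

```php
<?php
// Added example (requires PHP 7.3+ for the setcookie() options array).
// Cookie name, form field names and lifetime are assumptions.
const REMEMBER_COOKIE = 'remembered_uid';
const REMEMBER_DAYS   = 30;
// Attributes shared by the "set" and "clear" paths.
function remember_cookie_options(int $expires): array
{
    return [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,  // browser sends it over HTTPS only
        'httponly' => true,  // not readable from page scripts
        'samesite' => 'Lax',
    ];
}

// Call after a successful login. Only the username is stored, and only if
// the user ticked the box; the password never goes into a cookie.
function handle_remember_choice(string $uid, bool $optedIn, bool $isHttps): bool
{
    if (!$isHttps) {
        return false; // do not emit the cookie on an unencrypted connection
    }
    if ($optedIn) {
        $expires = time() + REMEMBER_DAYS * 86400;
        return setcookie(REMEMBER_COOKIE, $uid, remember_cookie_options($expires));
    }
    // User declined: expire any cookie left from an earlier visit.
    return setcookie(REMEMBER_COOKIE, '', remember_cookie_options(time() - 3600));
}

// Username to pre-fill in the login form. The cookie is client-controlled,
// so it is validated here and is never treated as proof of identity.
function remembered_uid(array $cookies): string
{
    $uid = $cookies[REMEMBER_COOKIE] ?? '';
    return is_string($uid) && preg_match('/\A[A-Za-z0-9_.@-]{1,64}\z/', $uid) ? $uid : '';
}

// Login page: the user still has to type the password on every visit.
$prefill = htmlspecialchars(remembered_uid($_COOKIE), ENT_QUOTES, 'UTF-8');
echo <<<HTML
<form method="post" action="/login">
  <input name="uid" value="{$prefill}">
  <input name="pwd" type="password" autocomplete="off">
  <label><input name="remember_me" type="checkbox"> Remember my username</label>
</form>
HTML;
```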
