Phpmail wrote:
My login script sets unique, secure, cookies that identify the user. Some of my pages only display content if a secure cookie is present. Is this a bad idea for secure pages with sensitive details as I have heard that cookies can be faked? I am always interested in creating a secure environment for my website visitors and I want to make sure I am protecting their privacy. Any help on this matter is greatly appreciated.
Thanks, ~Sean V.
I would suggest tying your cookies to an IP. This makes it MUCH harder for a cracker to use the cookie. You may just want to search for "PHP secure cookies" on google.
-- paperCrane <Justin Patrin>
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
