Menu
Is there a relatively secure way to store the password in the browser cookie (for remembering the login information) in the cookie without creating an extra column for hash in database? Thanks.
760
You should never ever store plaintext or even decryptable passwords in your database unless you have generated them and the user cannot enter a custom one!
The most common way is storing the hash of the password in the cookie which is also in the database. However, this allows anyone to login by just knowing the hash - without access to the original password. So don't go by that way even though it's obviously the easiest one.
A secure approach would be storing a random, unique "login hash" in the database and setting this hash plus the user's ID in the cookie. That would not only make the password hash useless for logging in but also allow you to create a "log out everywhere" feature.
113
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
