On 15 Oct 2008, at 15:23, Ben Stones wrote:
I've read a few videos on cookie security and it makes sense that
people can
modify cookie values which is a problem I'm trying to figure out to
*try*
and prevent. What I'll first do is at the top of the page that
validates if
the cookie values is in the database, but what my next problem is
they'd use
usernames in the database as the vaues. Are there any preventable
measures
to prevent cookie forging or what not.
You can encrypt or hash the cookies to prevent tampering...
http://stut.net/blog/2008/07/26/sessionless-sessions-2/
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
