Can you explain to me the benefits of hashing/encrypting/md5'ing cookie values? I don't see how it'd stop hackers from changing cookie values? 2008/10/15 Stut <stuttle@xxxxxxxxx> > On 15 Oct 2008, at 15:23, Ben Stones wrote: > >> I've read a few videos on cookie security and it makes sense that people >> can >> modify cookie values which is a problem I'm trying to figure out to *try* >> and prevent. What I'll first do is at the top of the page that validates >> if >> the cookie values is in the database, but what my next problem is they'd >> use >> usernames in the database as the vaues. Are there any preventable measures >> to prevent cookie forging or what not. >> > > You can encrypt or hash the cookies to prevent tampering... > > http://stut.net/blog/2008/07/26/sessionless-sessions-2/ > > -Stut > > -- > http://stut.net/ >
