I am a little confused about storing stuff in cookies/sessions and how to prevent spoofing of them.
A user logs in, his e-mail address or user id and password(md5'ed) is checked against my database. Assuming it matches, I then set a cookie with the users id + email. What is to stop someone from spoofing that cookie? I obviously don't want to put the password in a cookie .. can someone point me in the direction of an article about this? I've searched around, but I'm not finding stuff about in a preventing spoofing / security aspect. Thanks, Chad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
