Re: [PHP] update password cookie

--- John Kaspar <[EMAIL PROTECTED]> wrote: > I'm just storing its hash. Then comparing it to the database hash. > Is that bad? Yes, but the risk is not so much that the user's password is in danger of being acquired, but rather than this step is not necessary to impersonate the user. This hash of

RE: [PHP] update password cookie

John Kaspar on Thursday, September 18, 2003 4:05 PM said: > I'm just storing its hash. Then comparing it to the database hash. > Is that bad? Is there a good write-up somewhere discussing > authentication techniques that you could recommend? Oh I should respond to

RE: [PHP] update password cookie

John Kaspar on Thursday, September 18, 2003 4:05 PM said: > Yahoo makes you reenter your password every time you reopen your > browser. I'll check other sites though. Thanks for the advice. As it should. You don't want to store password information in a cookie, th

Re: [PHP] update password cookie

I'm just storing its hash. Then comparing it to the database hash. Is that bad? Is there a good write-up somewhere discussing authentication techniques that you could recommend? Yahoo makes you reenter your password every time you reopen your browser. I'll check other sites though. Thanks

Re: [PHP] update password cookie

--- John Kaspar <[EMAIL PROTECTED]> wrote: > My question is - how do I update the password cookie without having to > ask whether or not they want to remember it again? How can I find out > when the current cookie expires? First, I hope you're not storing a password in a cookie, since it sounds