登录cookies安全 [英] Login cookies security

问题描述

我正在制作我的第一个福利网站，用户可以注册并登录。以下Cookie是否安全？我需要一个更具体的随机代码来替代用户名或密码吗？

  setcookie（username，$ username ，time（）+ 3600）; 
 setcookie（password，$ password，time（）+ 3600）; 
  

解决方案

如果用户想要记住他们的登录和密码以自动记录。如果不使用会话。

并且密码应该编码。 永远不要存储他人直接输入的密码！
如果您的密码是编码的，这是安全的，例如：

 code> md5（'my_password'）; 
  

使用此编码，无法解密密码，因为它链接到无穷大的值。 / p>

当你比较两个密码，看看是否有相同的做这两个密码编码时

I'm making my first fullout website were users can sign up and log in. Is the following cookies secure? Do I need a more specific random code for the name instead of username or password?

setcookie("username", "$username", time()+3600);
setcookie("password", "$password", time()+3600);

解决方案

It should be use if users want to remember their login and password to logged them back automatically. If not use sessions.

And the password should be encoded. Never store the password that someone has typed directly! It's safe if your password is encoded, like :

md5('my_password');

With this encoding there is no way to decrypt the password because it's linked to an infinity of values.

When you compare the 2 passwords to see if there are the same do this when both password are encoded

这篇关于登录cookies安全的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！