What values should store in cookie?

Question

I have a table and have two column for username and password. I want to store a cookie for remember user's login. So what field should i use? I'm getting confused about storing username in the cookie. Because someone can try to log via rewrite a fake cookie. What should i do?

http://stackoverflow.com/questions/20568021/using-cookie-to-set-username-and-password-via-javascript — Punitha Subramani, Aug 27 '14 at 07:13

score 2 · Accepted Answer · edited May 23 '17 at 12:21

2

You should never store their username and password in a cookie. For a good example on how to handle this, see: "Keep Me Logged In" - the best approach

edited May 23 '17 at 12:21

Community

1
1

answered Aug 27 '14 at 07:14

Zach Flynn

59
2

score 0 · Answer 2 · answered Aug 27 '14 at 07:13

You should store a random, unique session id since users can tamper with cookies. PHP's session feature already does that for you - and you can store any kind of data in there since the data itself is stored on the server and only the session id is stored on the client.

Another option would be using a cryptographic signature to ensure the cookie hasn't been tampered with.

What values should store in cookie?

2 Answers2