[ic] Login Cookie

Russell Mann tech at khouse.org
Mon Dec 6 19:36:37 EST 2004


A customer complained about setting the username and password in a cookie
for "auto-login."  A look at this page:


Shows this is what happens.  Is there a good reason security-wise to use an
md5 hash table or some other form of unique identification for auto-login,
rather than username/password in a cookie?

Anyone else have concerns about this?


Russell Mann

More information about the interchange-users mailing list