2011-09-15, 05:15 PM
How i'd usually do it, is store the password hash in a cookie and the user id.
I guess it's a bit like MyBB's but i've been told this is not very secure and that i should just make a token and tie it to a user's IP address so the only way to steal a session is to spoof the connection.
Thoughts and examples?
P.S
After spending a lot of time with Bitcoin i've transitioned from MD5 to SHA512 hashing. SHA256 would suffice, but yeah..a lot of crunchers out there.
I guess it's a bit like MyBB's but i've been told this is not very secure and that i should just make a token and tie it to a user's IP address so the only way to steal a session is to spoof the connection.
Thoughts and examples?
P.S
After spending a lot of time with Bitcoin i've transitioned from MD5 to SHA512 hashing. SHA256 would suffice, but yeah..a lot of crunchers out there.