I am using setcookie ("pass","password"); and it save the simple cookie with name pass and value password that is simply viewed by anone. i want to use the value for cookie with some encryption, how can i do that. plz help me.
www.php.net/md5 EDIT: Since you're not setting an expiration date, the cookie will expire after the browser has been closed. So there's no point in using cookies, because you could use sessions, which are more secure. Don't safe sensitive data in cookies unless you have a real good reason. http://www.php.net/manual/en/ref.session.php
nico's right, sessions would be better. but if you do want to encrypt/decrypt data.... http://www.php.net/manual/en/ref.mcrypt.php
You are right that sessions are more secure, and i used sessions for login. Why i need cookies is that i have a check box at login page that is "save password" if user check that check box then i need to save the user name and password in the cookies, so next time when the page is opened he or she found his password already there, for this reason i am using cookies. Is there any other way to do so without cookies, to save username and password. As session or not able to save the password for future use. and i didn't write the full code of cookie, here it is. setcookie("pass", "$password", time()+2592000, "/");
Here's how I'd do it.... I'm assuming you store the passwords in a database here. Use the crypt function to perform a one way encryption of the password. You can't unencrypt it even if you know the salt used to encrypt it. Whenever you want to verify the user, pull the password which matches the username out of the database, crypt that - using the same salt, and compare the crypted value with what is in the cookie. That way, you're never transmitting the plain text password, and never storing it in plain on the client machine.