cookies and secure authentication



The ISP I am using uses PHP 4.1.2 which does not seem to support $_SESSION
variables (i.e. it seems they are broken). So I am doing cookie based
authentication as follows: I set a cookie with the user's username
to keep track of the user. But this is bad because the user can
simply change the cookie from their web browser and set the
name of another user and thus change that other user's data
this way. That's not good, and not secure. People already
hacked my site, and I've had no more than 1,000 visitors.

Luckily, I back up my database quite often. ;-) :O)

What I plan to do, is send the user another encrypted
cookie. However I do not want to just hide the function that encrypts
from the user. I want to use a public function and a private
encryption key on my file system. And I need to implement it
in PHP. What's the best quick and easy but secure way?
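
The scheme asked about above, sketched as an added example that is not part of the original post: the cookie carries the username and an expiry time plus an HMAC-SHA256 tag computed with a server-side key, so a changed username no longer verifies. It authenticates the cookie rather than encrypting it, which is what stops the tampering described. Assumptions: PHP 5.6 or later (`hash_hmac` and `hash_equals` are not available on PHP 4.1.2), and the function names and key file path are hypothetical.

```php
<?php
// Added example: tamper-evident auth cookie using HMAC-SHA256.
// Hypothetical names throughout; requires PHP >= 5.6.

// Read the signing key from a file stored outside the web root.
function load_key($path) {
    $key = @file_get_contents($path);
    if ($key === false || strlen($key) < 32) {
        throw new RuntimeException('missing or short signing key');
    }
    return $key;
}

// Cookie layout: base64(username) "." expiry-timestamp "." hex HMAC
function make_cookie($username, $ttl, $key, $now = null) {
    $now = ($now === null) ? time() : $now;
    $payload = base64_encode($username) . '.' . ($now + $ttl);
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Returns the username, or false if the cookie is malformed, forged or expired.
function verify_cookie($cookie, $key, $now = null) {
    $now = ($now === null) ? time() : $now;
    $parts = explode('.', $cookie);
    if (count($parts) !== 3) return false;
    list($user_b64, $expires, $mac) = $parts;
    // Check the tag before trusting any field; hash_equals is constant-time.
    $expected = hash_hmac('sha256', $user_b64 . '.' . $expires, $key);
    if (!hash_equals($expected, $mac)) return false;
    if (!ctype_digit($expires) || (int)$expires < $now) return false;
    return base64_decode($user_b64, true);
}

// Constructed demo. A real deployment would call
// load_key('/path/outside/webroot/cookie.key') instead of this fixed key.
$key = str_repeat("\x2a", 32);
$cookie = make_cookie('alice', 3600, $key, 1000);

// Case 1: untouched cookie, checked inside its lifetime.
var_dump(verify_cookie($cookie, $key, 1500));
// Case 2: username swapped by the client while the old tag is kept.
$forged = base64_encode('bob') . substr($cookie, strpos($cookie, '.'));
var_dump(verify_cookie($forged, $key, 1500));
// Case 3: untouched cookie, checked after it expired.
var_dump(verify_cookie($cookie, $key, 5000));
```

Pass the result of `make_cookie()` to `setcookie()` at login and call `verify_cookie()` on `$_COOKIE` before using the username on every request.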


