I'm trying to do "Remember Me" on my website and have added the code below to my login script.
The password is run through the sha1() function, and the username was trimmed and run through mysql_real_escape_string() before being assigned to a SESSION.
How can I make this more secure against hijacking?
Thanks.
if ($_POST['remember']) {
    // Both cookies last 100 days; values are copied from the session
    setcookie("CookieUser", $_SESSION['username'], time() + 60 * 60 * 24 * 100, "/");
    setcookie("CookiePass", $_SESSION['password'], time() + 60 * 60 * 24 * 100);
}