I am wondering what people's opinions might be about using the SHA1 hash of the user's password for one of my session cookie values; bad idea?


You mean you want to store hashes on the user's machine? If yes, that is a bad idea. Store the hashes in the database and compare with hashes of the password the user enters. Also, you can think of moving to the SHA2 family, particularly SHA512, as SHA1 is no longer what it used to be. Salting, validating and all defenses are out of your current question!

I see...I'll read up on the other SHA hashes.

I meant that I store the hash in the database for their password and check the hashed password that the user enters against the database hash. I was going to use that same hash as one of my identifiers for the session in a cookie, like:

<?php setcookie( 'id2', '*password hash*', time() + 3600 ); ?>
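
An added example, not code from any poster in this thread: one way to keep the password hash in the database only, as the first reply advises, and put a random, revocable session token in the `id2` cookie instead. The in-memory `$sessions` array, the function names, the user id and the sample password are assumptions made for illustration, and it uses PHP's `password_hash()` in place of a bare SHA digest.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory stand-in for a server-side session table.
$sessions = [];

/** Create a session: the random token goes to the client, only its hash is stored. */
function issue_session(array &$sessions, int $userId, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, unrelated to the password
    $sessions[hash('sha256', $token)] = [
        'user_id' => $userId,
        'expires' => time() + $ttl,
    ];
    return $token;
}

/** Resolve a cookie value to a user id, or null if it is unknown or expired. */
function lookup_session(array &$sessions, string $token): ?int
{
    $key = hash('sha256', $token);
    $row = $sessions[$key] ?? null;
    if ($row === null || $row['expires'] < time()) {
        unset($sessions[$key]); // drop expired rows; no-op for unknown tokens
        return null;
    }
    return $row['user_id'];
}

/** Revoke one session (logout) without touching the stored password hash. */
function revoke_session(array &$sessions, string $token): void
{
    unset($sessions[hash('sha256', $token)]);
}

// Constructed demo values: the salted password hash never leaves the server.
$stored = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
if (password_verify('correct horse battery staple', $stored)) {
    $token = issue_session($sessions, 42);
    if (PHP_SAPI !== 'cli') { // only send the cookie when serving a web request
        setcookie('id2', $token, [
            'expires' => time() + 3600, 'path' => '/',
            'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
        ]);
    }
    var_dump(lookup_session($sessions, $token)); // session resolves to the user id
    revoke_session($sessions, $token);
    var_dump(lookup_session($sessions, $token)); // revoked token no longer resolves
}
```

Because the cookie value is independent of the password, a leaked cookie exposes nothing to crack offline and can be invalidated server-side without a password change.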