security - Is permanent session / 2nd password a good idea?


So, the idea is to store for each user a "password" or auth value and, when authenticating via cookies, compare the values. That way, if the cookie is somehow stolen, it has nothing to do with the real password.

For important operations, such as changing the password, the user needs to provide the password, which is validated against the original password (salted, encrypted, etc.).

IMO there is no reason for the password and the session/auto-login cookie to be related in any way. Yes, I'd make them separate. Use a random value in the cookie and associate server-side data with it. This allows me to invalidate the cookie server side.
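The scheme described in the answer, sketched as an added example that is not part of the original post: a random cookie value with a server-side record that can be invalidated. The class and method names are hypothetical, the dict stands in for a database table, and storing only a hash of the token plus an expiry time are assumptions that go beyond what the answer states.

```python
import hashlib
import secrets
import time


class LoginTokenStore:
    """Server-side record of auto-login cookies; holds no password material."""

    def __init__(self, lifetime_seconds=30 * 24 * 3600):
        self.lifetime = lifetime_seconds
        self._tokens = {}  # sha256(token) -> (user_id, expiry); stands in for a DB table

    @staticmethod
    def _digest(token):
        # Only a hash is stored, so a leaked table cannot be replayed as cookies.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id, now=None):
        """Create a random cookie value unrelated to the user's password."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._tokens[self._digest(token)] = (user_id, now + self.lifetime)
        return token

    def verify(self, token, now=None):
        """Return the user id for a live token, else None."""
        now = time.time() if now is None else now
        key = self._digest(token)
        record = self._tokens.get(key)
        if record is None:
            return None
        user_id, expiry = record
        if now >= expiry:
            del self._tokens[key]  # drop expired records on sight
            return None
        return user_id

    def revoke(self, token):
        """Invalidate one cookie (logout, or a reported theft)."""
        return self._tokens.pop(self._digest(token), None) is not None

    def revoke_all(self, user_id):
        """Invalidate every cookie of a user, e.g. after a password change."""
        stale = [k for k, (uid, _) in self._tokens.items() if uid == user_id]
        for k in stale:
            del self._tokens[k]
        return len(stale)
```

The value returned by `issue` is what goes into the cookie; password checks for sensitive operations stay on a separate code path that never touches this store.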

