security - Is permanent session / 2nd password a good idea?


So, the idea is to store for each user a "password" or auth value, and when authenticating via cookies, compare those values. That way, if the cookie is somehow stolen, it has nothing to do with the real password.

For important operations, such as changing the password etc., the user needs to provide the password, which is validated against the original password (salted, encrypted etc.).

IMO there is no reason for the password and the session/auto-login cookie to be related in any way. So yes, I'd make them separate. Use a random value in the cookie and associate server-side data with it. That allows me to invalidate the cookie server side.
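The approach described in the answer above, as an added example that is not part of the original post: a random cookie value that is unrelated to the password, tied to a server-side record so it can be invalidated. The names (`RememberStore`, `issue`, `authenticate`, `revoke`, `revoke_all`), the 30-day lifetime, the in-memory dict and the choice to store only a SHA-256 digest of the token are assumptions made here.

```python
import hashlib
import secrets
import time

TOKEN_LIFETIME = 30 * 24 * 3600  # assumed 30-day lifetime, not from the post


class RememberStore:
    """In-memory stand-in for a server-side table (hypothetical name)."""

    def __init__(self):
        self._rows = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, now=None):
        """Create a random cookie value unrelated to the user's password."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._digest(token)] = (user_id, now + TOKEN_LIFETIME)
        return token  # goes into the cookie; only its digest is stored

    def authenticate(self, token, now=None):
        """Return the user id for a valid cookie value, else None."""
        now = time.time() if now is None else now
        key = self._digest(token or "")
        row = self._rows.get(key)
        if row is None:
            return None  # unknown, forged or already revoked
        user_id, expires_at = row
        if now >= expires_at:
            del self._rows[key]  # expired: drop the server-side record
            return None
        return user_id

    def revoke(self, token):
        """Invalidate one cookie server side (logout, reported theft)."""
        self._rows.pop(self._digest(token), None)

    def revoke_all(self, user_id):
        """Invalidate every cookie of a user, e.g. after a password change."""
        self._rows = {k: v for k, v in self._rows.items() if v[0] != user_id}
```

Because only the digest is kept, a leaked copy of the server-side table does not yield usable cookie values, and the password hash is never consulted for cookie logins.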

