If passwords are stored in a user database as encrypted strings, using the crypt() function,
should passwords be stored in cookies as the encrypted strings from the database,
or is this a security flaw of some sort?