Sep 28, 2009, 10:30 #1
Best way to secure account / authentication session/cookie?
I wanted to ask what the best or most common way (if one exists) to secure an account in terms of the authentication session/cookie might be?
This is for a standard login setup where a user has to type in a username and password which is then checked against the db. I'm using PHP + MySQL.
Currently, I'm creating a salted hash based on unique user data (i.e., md5($signup_date.':'.$user_id.':'...) and then I md5 that again with other variables tossed in) including the user_agent. The latter helps in situations where the user's credentials were taken in some way -- as soon as someone else tries to visit the site, they'll have to log in because the user_agent will be different.
Is there an even better or maybe simpler way?
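
An added example (not part of the original post) of an alternative to deriving the cookie from md5 of user data: a random token whose SHA-256 hash is stored server-side, with the user-agent check from the post kept as a soft binding. The `$sessions` array stands in for a MySQL table, and the function names and the cookie name `sid` are assumptions.

```php
<?php
declare(strict_types=1);

// In-memory stand-in for a MySQL `sessions` table (hypothetical schema).
$sessions = [];

/** Issue a session after the password check succeeds; returns the cookie value. */
function issue_session(array &$sessions, int $userId, string $userAgent, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32));          // 256 bits from the CSPRNG, not derived from user data
    $sessions[hash('sha256', $token)] = [        // store only the hash, so a DB leak exposes no usable cookie
        'user_id' => $userId,
        'ua_hash' => hash('sha256', $userAgent), // soft binding, as in the post
        'expires' => time() + $ttl,
    ];
    return $token;
}

/** Return the user id for a presented cookie value, or null if the user must log in again. */
function check_session(array &$sessions, string $token, string $userAgent): ?int
{
    $key = hash('sha256', $token);
    $row = $sessions[$key] ?? null;
    if ($row === null) {
        return null;                             // unknown or already revoked token
    }
    if ($row['expires'] < time() || !hash_equals($row['ua_hash'], hash('sha256', $userAgent))) {
        unset($sessions[$key]);                  // expired or user agent changed: revoke server-side
        return null;
    }
    return $row['user_id'];
}

/** Cookie attributes for setcookie('sid', $token, cookie_options()) on PHP 7.3+. */
function cookie_options(int $ttl = 3600): array
{
    return ['expires' => time() + $ttl, 'path' => '/', 'secure' => true,
            'httponly' => true, 'samesite' => 'Lax'];
}

// Constructed sample run: same browser, different browser, then the revoked token.
$ua = 'Mozilla/5.0 (constructed sample)';
$token = issue_session($sessions, 42, $ua);
var_dump(check_session($sessions, $token, $ua));
var_dump(check_session($sessions, $token, 'OtherBrowser (constructed sample)'));
var_dump(check_session($sessions, $token, $ua));
```

Because the token is random and only its hash is stored, logging a user out or invalidating a stolen cookie is a single row delete, and nothing in the cookie can be recomputed from account data.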