Hello,

I wanted to ask what the best or most common way (if one exists) to secure an account in terms of the authentication session/cookie might be?

This is for a standard login setup where a user has to type in a username and password which is then checked against the db. I'm using PHP + MySQL.

Currently, I'm creating a salted hash based on unique user data (i.e., md5($signup_date.':'.$user_id.':'...) and then I md5 that again with other variables tossed in) including the user_agent. The latter helps in situations where the user's credentials were taken in some way -- as soon as someone else tries to visit the site, they'll have to log in because the user_agent will be different.

Is there an even better or maybe simpler way?

Thanks
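
The scheme described in the post, next to a per-login random token that the server stores and can revoke, as an added example that is not part of the original post. The function names, the in-memory array standing in for a MySQL sessions table, and the sample values are assumptions.

```php
<?php
// Added example; all names are hypothetical. An in-memory array stands in
// for the MySQL sessions table so the script runs offline.

// Scheme from the post: token derived from fixed account data plus User-Agent.
function derivedToken(string $signupDate, int $userId, string $userAgent): string
{
    return md5(md5($signupDate . ':' . $userId) . ':' . $userAgent);
}

// Alternative: a fresh random token per login; only its SHA-256 hash is stored.
function issueSession(array &$store, int $userId, string $userAgent, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32));
    $store[hash('sha256', $token)] = [
        'user_id' => $userId,
        'ua_hash' => hash('sha256', $userAgent),
        'expires' => time() + $ttl,
    ];
    return $token; // cookie value; set it with the HttpOnly and Secure flags
}

// Returns the user id, or null. Expiry or a User-Agent mismatch revokes the row.
function checkSession(array &$store, string $token, string $userAgent): ?int
{
    $key = hash('sha256', $token);
    $row = $store[$key] ?? null;
    if ($row === null) {
        return null;
    }
    if ($row['expires'] < time() || !hash_equals($row['ua_hash'], hash('sha256', $userAgent))) {
        unset($store[$key]);
        return null;
    }
    return $row['user_id'];
}

// Constructed sample values.
$ua = 'Mozilla/5.0 (constructed sample)';
// Same inputs give the same token on every login, so one captured cookie stays valid.
var_dump(derivedToken('2009-01-15', 42, $ua) === derivedToken('2009-01-15', 42, $ua));

$store = [];
$first = issueSession($store, 42, $ua);
$second = issueSession($store, 42, $ua);
var_dump($first !== $second);                                 // each login gets its own token
var_dump(checkSession($store, $first, $ua));                  // valid session
var_dump(checkSession($store, $second, 'OtherBrowser/1.0'));  // User-Agent mismatch
var_dump(checkSession($store, $second, $ua));                 // row was revoked by the mismatch
```

The User-Agent header is supplied by the client, so the binding is only a secondary check; the random, expiring, server-revocable token is what carries the security.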