Cookie/Browser Security

[Itshim]

This is not a PHP question, I looked for an appropriate forum to post in, but could not find one, so I decided to post in here, sorry if this upsets anyone.

Anyway...
How safe are cookies? I like the convinence of having websites 'remember me', but don't know if I am exposing my accounts to unsavory types.

Another option is to have the web browser, remember my password, and wonder if this is safer than cookies. (I am currently using Firefox.)

Or should I just bite the bullet and type in my username and password every time I visit the site.

I am not worried about someone actually sitting down at my computer and using my accounts, I also am running a firewall and anti-virus on my computer, if that makes a difference.

Thank you for reading,
Itshim

 

[scorpion4377]

You really have a few choices.

1. Write a secure code that runs sessions. Sessions cannot be edited by the user (Unless you leave a security whole in your script), so they're very safe, and very easy to work with. Problem, you have to login every time.

2. A cookie that will directly contain your username and password. Not very safe, and not recomended. If you're going to use cookies that contain the username and password, make it contain the encrypted password.

3. This is probably the best option. MySQL sessions. You create a session table on your SQL server, and save the session data there. In a cookie, save the session ID. I've never made a login system that uses this, but the next time I made one, I'll use this.