Is there any way to find out WHEN a cookie will expire? I'm using a cookie-based login for an intranet app, and I'd like to let users know how much longer they have left logged in.
Also, with cookies, I've been told that there is a 'method' of sorts to store multiple things in 1 cookie. How might I go about that?
Lastly, I'd like to encrypt some of the stuff that is stored as cookies. Any recommendations on what the best way to do so is?
EDIT: NOT hash...I need to be able to retrieve the data. No '1 way' stuff...I forgot to mention that.

not unless you keep the time in the cookie I don't believe there is a way.
forgot the other parts, man I am doing good today.
to encrypt it you could try serialize() and unserialize(). if you do a true encrypt it will take years to decrypt. if that is all you want then I would use md5(). you can also take your session and add whatever you want and serialize it and then you can get it anytime you want by unserializing it. sometimes it could be difficult on doing it either way.
now to do a lot of values to a cookie you need to save the array and not the value of the array. I think that is how it is done.

serialize does this:
it changes: password
to: s:8:"password";
so it is still easily read. I'm looking for something like the MySQL AES_ENCRYPT/AES_DECRYPT
I use them like this:
AES_ENCRYPT($email_username,'".$super_secret_hash_salt."')
if $email_username is aaroncampbell, and $super_secret_hash_salt = "super secret"
then it would return "??æ¿¡è¤嚎?KxA纰秢"
Then you just do this:
AES_DECRYPT("??æ¿¡è¤嚎?KxA纰秢",'".$super_secret_hash_salt."')
and you would get aaroncampbell again.
It doesn't have to be impossible to crack, but I DO have to be able to UNDO it. You can't undo md5.

I have racked my brains (such as they are) and can see no reason at all why anyone would ever want to store a password in a cookie file, encrypted or not.
The idea of a cookie is that you can recognise a user from a particular machine. Why then do you need the password? You will check for a cookie with some pre-defined variables contained within it (one of which will be a username or user id) and log them in accordingly.

oh, and serializing is an excellent way of storing variable structure and contents. You can combine it with base64encode() and base64decode() to make it more unintelligible to the human eye (or if you want to pass it as a string in the uri), but this is completely insecure.

you can undo md5(), you just bruteforce it.
but, I wouldn't worry about undoing anything. encrypt it with crypt() and do a compare. but Torrent has a good point, never keep a password in a cookie.

base64encode() is perfect. I'm not storing passwords. I just used the word 'password' to test serialize. I'm storing usernames. I just don't want curious people (you know...the kind that have NO IDEA what they are doing, but they like to explore and mess with things they don't understand) looking at a cookie, and trying to change data in it. (I had a lady mess with her cookie, trying to see if she could make her name show up as something else, but instead the intranet didn't recognise her, and she lost all her settings, etc. Then she was mad at ME! go figure)

all serialize does is basically make a string version of a variable or array. it's awesome if you have to store things in files instead of databases, because you can just unserialize it to get the original array back.
$array['name'] = "bob";
$array['place'] = "home";
$array['time'] = "12:00";
//turn the array into a single string
$array = serialize($array);
//you can then write this string representation to a file
//you can get it back into that identical array form with unserialize
$array = unserialize($array);
echo $array['place'];

n8 that's right, also using a standard serializing algorithm like WDDX means you can pass your arrays and such across different programming languages. Btw, PHP supports WDDX, but you probably already knew that because, let's face it, php supports bloody everything
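
The needs raised in this thread (several values in one cookie, knowing when it expires, reversible encryption, and rejecting a cookie the user has edited) put together in one sketch. This is an added example, not code from any poster; it assumes PHP 7.3+ with the OpenSSL extension, and the function names seal_cookie/open_cookie and the sample values are hypothetical. It encodes the payload as JSON instead of calling unserialize(), because cookie contents are client-supplied input.

```php
<?php
// Added example: pack several values plus the expiry time into one
// encrypted, tamper-evident cookie value. Function names are hypothetical.

function seal_cookie(array $data, int $ttl, string $key): string
{
    $data['exp'] = time() + $ttl;                 // expiry travels inside the cookie
    $plain = json_encode($data, JSON_THROW_ON_ERROR);
    $iv    = random_bytes(12);                    // fresh 96-bit nonce per cookie
    $tag   = '';
    $ct    = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);       // pass this string to setcookie()
}

function open_cookie(string $cookie, string $key): ?array
{
    $raw = base64_decode($cookie, true);
    if ($raw === false || strlen($raw) <= 28) {   // 12-byte IV + 16-byte GCM tag
        return null;
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = substr($raw, 28);
    $plain = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) {
        return null;                              // edited or corrupted cookie
    }
    $data = json_decode($plain, true);
    if (!is_array($data) || !isset($data['exp']) || $data['exp'] < time()) {
        return null;                              // malformed or expired
    }
    return $data;
}

// Constructed demo values; a real app loads a fixed 32-byte key from server config.
$key    = random_bytes(32);
$cookie = seal_cookie(['user' => 'aaroncampbell', 'theme' => 'dark'], 3600, $key);
$data   = open_cookie($cookie, $key);
echo 'user: ' . $data['user'] . ', seconds left: ' . ($data['exp'] - time()) . PHP_EOL;

// Change one character, as a curious user might: the GCM tag check fails
// and the cookie is rejected instead of being read as different data.
$edited     = $cookie;
$edited[20] = ($edited[20] === 'A') ? 'B' : 'A';
var_dump(open_cookie($edited, $key) === null);
```

The browser does not send a cookie's expiry back to the server, which is why the timestamp is carried inside the sealed payload; give setcookie() the same lifetime so both agree.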