Hi,

How can I encrypt and later decrypt a value of a cookie in PHP (how secure will the encryption be)?

+3  A: 

There are a variety of different ways to encrypt information in cookies and elsewhere. The strength of the encryption will vary by the method you choose to do the actual encryption. mcrypt is a good place to start. See this answer for an example of using mcrypt.

I don't recommend putting anything sensitive in a cookie, even if it is going to be encrypted. Way too tempting for someone to crack. Try sticking to sessions if you can.

John Conde
+5  A: 

I can not simply think of a situation where encrypting data in the cookie is useful. If you want to retain secret data about the user or his preferences, information, whatever, then store it on the server in files, in the session or in the database, but not in the client's computer.

On the other hand, if you are creating an authentication, then you should use sessions instead of creating secret encrypted cookie values. Sessions weren't implemented for nothing, they are the way to go.

Kai Sellgren
A: 

I am in full agreement with the other answers: If the data is truly sensitive it should be stored server side in a session, not in a cookie.

As far as ways to encrypt cookie contents, the Suhosin PHP extension provides the ability to transparently encrypt all cookies. If you have the ability to install PHP extensions this may or may not be easier for you than writing your own encryption scheme.

Josh
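
An added example, not taken from any of the answers above and not the mcrypt or Suhosin approaches they mention: one way to encrypt and later decrypt a cookie value in PHP is authenticated encryption with the bundled sodium extension (PHP 7.2+), so a modified cookie is rejected instead of being decrypted to garbage. The function names, the sample value and the in-script key generation are assumptions made for illustration; a real key would be loaded from server-side configuration.

```php
<?php
// Added example; seal_cookie_value()/open_cookie_value() are hypothetical names.

function seal_cookie_value(string $plaintext, string $key): string
{
    // A fresh random nonce per value; it is not secret and travels with the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = sodium_crypto_secretbox($plaintext, $nonce, $key);
    // base64url keeps the result inside the cookie-safe character set.
    return sodium_bin2base64($nonce . $box, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

function open_cookie_value(string $cookie, string $key): ?string
{
    try {
        $raw = sodium_base642bin($cookie, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null; // not valid base64url
    }
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($raw) < $min) {
        return null; // too short to hold a nonce and an authentication tag
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // Returns false when the tag does not verify (tampering or wrong key).
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    return $plain === false ? null : $plain;
}

// Assumption: the key is generated here only so the script runs stand-alone.
$key = sodium_crypto_secretbox_keygen();

// Constructed sample value.
$sealed = seal_cookie_value('theme=dark;lang=en', $key);

// In a web request the sealed value would be sent with restrictive flags, e.g.:
// setcookie('prefs', $sealed, ['secure' => true, 'httponly' => true, 'samesite' => 'Lax']);

var_dump(open_cookie_value($sealed, $key));    // round trip with the right key

// Changing one character alters the nonce, so verification fails.
$tampered = ($sealed[0] === 'A' ? 'B' : 'A') . substr($sealed, 1);
var_dump(open_cookie_value($tampered, $key));  // rejected

var_dump(open_cookie_value($sealed, sodium_crypto_secretbox_keygen())); // wrong key, rejected
```

Encryption of this kind does not stop a captured cookie from being replayed as-is, which is one reason the answers above point to server-side sessions for sensitive data.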