I read some articles and questions on SO (like here) that say you should not store your user's password in a cookie. If the password is salted and hashed, why is it unsafe?
In particular, why is it less secure than using sessions, the alternative usually offered? If the user wants to log in, then of course this new cookie (with session ID / hash) is just as secure as the one that has the user's password? If the cookie is "stolen" in any way, an attacker could log in as the user in the same way.
EDIT: The main problem is that the user remains logged in, that is, through the "Remember Me" checkbox. In this case, of course, there is only one session?