<div>
<div class="content wysiwyg-content">
Hey guys and gals,<br />
I currently build in ASP but I am starting to dabble in PHP. &nbsp;Please treat my question as a general question, you can give code examples if you want, but not necessary.<br />
<br />
Here is the situation/question:<br />
I was looking through my cookies the other day (in Firefox) and I was appalled to see that I had created a cookie in clear text of my username and password for a service I created. &nbsp;I realize now that creating a &quot;remember me&quot; option for a username/password doesn't mean I should save their username and password in a cookie.....<br />
<br />
First question:<br />
<b>How should a &quot;remember me&quot; option work on the web?</b><br />
<br />
Second question:<br />
<b>How do I store cookies/sessions without the text being readable? </b><br />
<br />
Thanks,<br />
Slim
</div>
</div>


Hey guys and gals,
I currently build in ASP but I am starting to dabble in PHP.  Please treat my question as a general question, you can give code examples if you want, but not necessary.

Here is the situation/question:
I was looking through my cookies the other day (in Firefox) and I was appalled to see that I had created a cookie in clear text of my username and password for a service I created.  I realize now that creating a "remember me" option for a username/password doesn't mean I should save their username and password in a cookie.....

First question:
How should a "remember me" option work on the web?

Second question:
How do I store cookies/sessions without the text being readable? 

Thanks,
Slim

Logic behind protecting cookies and sessions variables

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Web browsers are applications used primarily to display documents, files and media from the Internet, identified by a Uniform Resource Identifier (URI) that can be a page, image, video or other file. Some browsers require the use of add-ons or extensions to safely render the information they receive; others have systems built into them to perform the same functions.

Web Browsers

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.