[Zope] Save a password encripted in a cookie

Kirk Strauser kirk at daycos.com
Tue Sep 14 11:01:50 EDT 2004


On Tuesday 14 September 2004 07:46, Martin Koekenberg wrote:

> I want to store a username and a password in a cookie on the users
> system. This for an auto login feature.

Don't.  The standard way is to generate a random "session ID" and store that 
in a database or Zope object, and give the user that string in a cookie.  
Whenever the user sends ID cookie, you look in your database for the 
existence or state of that session.  Don't just store the username and 
password on the machine without explicitly notifying the user that you're 
doing so.
-- 
Kirk Strauser
The Day Companies


More information about the Zope mailing list