in reply to Encrypted Storage of sensible Data in a Cookie
You may also want to try a MAC (message authentication code), whereby you generate a one-way hash (MD5 or similar) of the contents of the cookie together with a "secret key", known only to the server.
When you get the cookie back, you compare the MAC the client hands back with a freshly generated one.
This is to ensure the client doesn't alter the cookie you hand them. Chapter 6 of "Writing Apache Modules with Perl and C" (O'Reilly) is probably useful.
It also recommends using an MD5 hash of an MD5 hash of the data, for reasons I can't remember.
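The sign-and-verify scheme described above, as an added example that is not part of the original post: the server appends a MAC to the cookie it hands out and recomputes it on the way back, rejecting anything that does not match. It uses HMAC-SHA256 (assumed here in place of the bare MD5 of key plus data mentioned in the post, since HMAC is the standard keyed construction) and a constructed secret key.

```python
import base64
import hashlib
import hmac
import json

# Constructed example secret; a real deployment loads it from configuration
# or a secret store and never ships it to the client.
SECRET_KEY = b"constructed-example-secret-key"


def make_cookie(data: dict, key: bytes = SECRET_KEY) -> str:
    """Serialise data and append a MAC so the client cannot alter it unnoticed."""
    payload = base64.urlsafe_b64encode(
        json.dumps(data, sort_keys=True).encode()).decode()
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{mac}"


def read_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Recompute the MAC on the returned cookie; return the data, or None if it fails."""
    try:
        payload, mac = cookie.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so timing does not reveal how many bytes matched.
    if not hmac.compare_digest(expected, mac):
        return None
    return json.loads(base64.urlsafe_b64decode(payload.encode()))


def simulate_tampered_cookie(cookie: str, new_data: dict) -> str:
    """Model a client that edits the payload but keeps the old MAC; used to
    check that read_cookie detects the change."""
    _, mac = cookie.rsplit(".", 1)
    payload = base64.urlsafe_b64encode(
        json.dumps(new_data, sort_keys=True).encode()).decode()
    return f"{payload}.{mac}"
```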