Hacker News
by unclebucknasty 4729 days ago
I'm not sure why you'd ever want to put something password-derived in a cookie--even if it's sha256'd 8 dozen times, then scrypted, etc.

There's just no value in using the password as a basis. Why not instead just generate a random, unique token?
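
The approach the comment suggests, as an added example that is not part of the original comment: the cookie carries a random token unrelated to the password, and the server keeps only its SHA-256 digest. `SessionStore`, `SESSION_TTL` and the in-memory dict are assumptions made for illustration.

```python
import hashlib
import secrets
import time

SESSION_TTL = 3600  # seconds; assumed session lifetime for this example


class SessionStore:
    """In-memory store mapping SHA-256(token) -> (user_id, expires_at)."""

    def __init__(self):
        self._sessions = {}

    @staticmethod
    def _digest(token):
        # Only the digest is stored, so a leaked store does not yield usable cookies.
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, user_id, now=None):
        """Create a session after a successful login; return the cookie value."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._digest(token)] = (user_id, now + SESSION_TTL)
        return token

    def validate(self, token, now=None):
        """Return the user_id for a live token, else None."""
        now = time.time() if now is None else now
        try:
            key = self._digest(token)
        except (UnicodeEncodeError, AttributeError):
            return None  # non-ASCII or non-string cookie value
        entry = self._sessions.get(key)
        if entry is None:
            return None
        user_id, expires_at = entry
        if now >= expires_at:
            del self._sessions[key]  # expired: forget it
            return None
        return user_id

    def revoke_user(self, user_id):
        """Drop every session for a user (logout everywhere, password change)."""
        stale = [k for k, (uid, _) in self._sessions.items() if uid == user_id]
        for k in stale:
            del self._sessions[k]
        return len(stale)
```

Because the token is independent of the password, each session can be expired or revoked on its own, and the cookie value carries nothing to run password guesses against.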