PHP Web Application Security Vulnerabilities

Checking the hash

• When you get the data back, re-hash

• Compare received and calculated hashes

Receiving and verifying the cookie



list($cookie_id,$cookie_hash) = explode('-',$_COOKIE['id']);
if (md5($secret_word.$cookie_id) == $cookie_hash) {
    $id = $cookie_id;
} else {
    die('Invalid cookie.');
}