in reply to Re: Re: Encrypted Storage of sensible Data in a Cookie
in thread Encrypted Storage of sensible Data in a Cookie
This way you're not storing the password, you're just making sure the user doesn't modify the data. A reasonable golden rule is: "NEVER trust the data the user hands you".

    use strict;
    use warnings;
    use CGI;
    use Digest::MD5 qw(md5_hex);

    my $query          = CGI->new;
    my $secret_key     = "BLAHBLAHBLAH";
    my $session_cookie = $query->cookie('SessionID');
    umask 0066;
    if ($session_cookie) {
        my ($sessionid, $mac);
        if (($sessionid, $mac) = split("-", $session_cookie)) {
            ### Ok, the user has returned a cookie,
            ### let's make sure it's not been tampered with.
            if ($mac ne md5_hex($sessionid . md5_hex($sessionid . $secret_key))) {
                destroy_cookie($sessionid, "MODIFIED");   # defined elsewhere in the poster's code
                ### Ack. Nasty people
                return;   # assumes this block runs inside the request-handling sub
            }
            else {
                ### Other checks.
            }
        }
    }
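The same "sign the session id, verify before trusting it" pattern as an added example in Python (not code from the thread), using a standard HMAC and a constant-time comparison in place of the nested-MD5 construction above; the key and session ids are constructed placeholders.

```python
import hashlib
import hmac
import secrets

# Constructed placeholder key: in a real deployment load it from configuration,
# never hard-code it in source.
SECRET_KEY = b"example-only-replace-me"


def new_session_id() -> str:
    """Unpredictable session id so it cannot be guessed or enumerated."""
    return secrets.token_hex(16)


def sign_session(session_id: str, key: bytes = SECRET_KEY) -> str:
    """Return the cookie value 'sessionid-mac' with mac = HMAC-SHA256(key, sessionid)."""
    mac = hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()
    return f"{session_id}-{mac}"


def verify_session(cookie: str, key: bytes = SECRET_KEY):
    """Return the session id if the cookie's MAC is valid, otherwise None.

    rpartition makes the MAC the trailing field, so a session id containing
    '-' (unlike a plain two-way split) does not break parsing.
    """
    session_id, sep, mac = cookie.rpartition("-")
    if not sep or not session_id:
        return None  # malformed cookie: no MAC at all
    expected = hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()
    # compare_digest does not short-circuit on the first differing byte,
    # so a client cannot learn the MAC byte by byte from response timing.
    if not hmac.compare_digest(mac, expected):
        return None  # tampered or forged cookie: treat the session as invalid
    return session_id
```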