I recently posted a hacker challenge that consisted in a vulnerable login form, and specifically the vulnerabilities was found in the way the cookie was set, well for this tutorial I’ve decided to do a basic introduction to the mechanics of login forms and cookies in php using mysql as the database backend. On the application side, you can use cookies in you PHP scripts to control access to certain areas of your web site. A cookie is a small amount of data stored by the user’s browser in compliance with a request from a server or script. A host can request that up to 20 cookies be stored by a user’s browser. Read the rest of this entry »