encoding cookie content
View Single Post
02-19-2008, 05:52 PM
Join Date: Jan 2008
You can create your own "encryption algorithm", for example:
new_cartID = cartID * 13 + 7
Then to reverse back the number:
old_cartID = (new_cartID - 7) / 13
After creating the new cartID you could base64 encode it to store it in the cookie.
This example is too simple, but if your cartID was 10, the new_cartID would be 137. If you base64 encode 137 you get MTM3. A smart guy trying to manipulate the cookie could base64 decode it back to 137.. but he doesn't know that 137 is not the real cartID.
This method won't eliminate the possibility of a person seeing the cart of another. If the smart guy changes his cookie to MTI0, your PHP script will decode it to 124, then convert 124 to 9 [(124-7)/13].. which could be a valid cartID of another customer.
If you really want security then you should look for encryption algorithms like blowfish, aes, des, RC4.
RC4 is very simple, yet powerfull, and should do the job for you.
You provide a password/key and the data and it returns the encrypted data, the only way to decrypt it is to RC4 it again using the same password/key. There are a lot of RC4 classes available for download, like
View Public Profile
Send a private message to DeMo
Visit DeMo's homepage!
Find More Posts by DeMo