Why should I use session id in cookie instead of storing login and (hashed) password in cookie?

Backend | Unresolved | 3 | 1705
清酒与你 2021-02-05 23:43

(I was surprised that this question wasn't asked on Stack for now, but I've done some searching and couldn't find anything o.O)

I am working on service-based webapp a

3 answers
  •  灰色年华
    2021-02-06 00:20

    Storing the hashed password as a cookie is a very nasty vulnerability and is an OWASP violation. The whole point of hashing a password is that you are forcing the attacker to break the hash in order to log in. If the attacker can just pull the hash from the database and then log in, then you have a system that is equivalent to storing the password in plain text.

    Every platform has a session handler; in PHP just use session_start() and the $_SESSION superglobal. By writing your own session handler you will be less secure.
