Hello! Tell me, please, which authentication method for a PHP site is currently the most secure? Using sessions and storing encrypted passwords in the database?
What other authorization methods exist? I may be wrong, but there are either sessions or cookies.
Which one is better: Google will help.
I chose sessions for myself (all information is stored on the server, so good luck to anyone trying to steal anything). And of course it is better to store passwords in encrypted form, without the possibility of reverse decryption: md5($password . "Salt"). To implement account access recovery, the old password cannot be retrieved at all; you just enter a new one.
By the way, when I was digging into this issue, I found out that all the websites that send your old password to your e-mail keep it in unencrypted form, so if they are suddenly hacked, the attackers will get your password on a platter.
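
An added example (not part of the original posts) of the one-way storage and reset flow discussed above. It uses PHP's built-in password_hash() and password_verify(), which give each user a random salt and an adjustable cost, and it upgrades records stored as md5($password . "Salt") at the next successful login. The in-memory $users array and the function names are assumptions made for illustration.

```php
<?php
// Added example: constructed in-memory "users table"; all names are hypothetical.
const LEGACY_SALT = 'Salt'; // static salt from the md5($password . "Salt") scheme

// Legacy scheme from the post: one fast MD5 pass, same salt for every user.
function legacy_hash(string $password): string
{
    return md5($password . LEGACY_SALT);
}

// Current scheme: password_hash() picks a random per-user salt and an adaptive cost.
function new_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Verify a login; upgrade legacy or outdated hashes while the plaintext is in hand.
function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name];
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored); // bare MD5 hex digest
    $ok = $isLegacy
        ? hash_equals($stored, legacy_hash($password)) // constant-time compare
        : password_verify($password, $stored);
    if ($ok && ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $users[$name] = new_hash($password);
    }
    return $ok;
}

// Account recovery as described: the old password is never recovered, only replaced.
function reset_password(array &$users, string $name, string $newPassword): void
{
    $users[$name] = new_hash($newPassword);
}

// Constructed sample data: alice still has a legacy MD5 record.
$users = ['alice' => legacy_hash('correct horse')];
var_dump(login($users, 'alice', 'wrong'));
var_dump(login($users, 'alice', 'correct horse'));
var_dump(password_get_info($users['alice'])['algoName']);
reset_password($users, 'alice', 'new passphrase');
var_dump(login($users, 'alice', 'correct horse'));
var_dump(login($users, 'alice', 'new passphrase'));
```

In a real site the reset would be gated by a single-use, expiring token sent to the account's e-mail address, with only a hash of that token stored server-side.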