cookie and session security

[Ancient]

I don't really know how to use cookies so I've been using Sessions.

Is that safe?

I've been putting passwords as md5, but I dunno if my portals are safe or not.
I've heard that there are cookie injectors or something like that.

[sPlOrYgOn]

well if memory serves me correctly.. Sessions are server-side info storages with Session IDs that are saved in cookies (client-side). So, unless there's a way for someone to steal a Session ID from someone then access the Session's info which is stored server-side, there shouldn't be any security problems.

[Ancient]

Well I have just recently made cookies for AoEEmpire.com

I've made it so people create cookies with ID and Username.
So when they auto-login with Username and ID function.

But....
I don't know.
Could you check it out if you have time?
www.AoEEmpire.com


I've tried tampering with my Cookies, but they delete themselves when I open the site.

The IDs are quite simple. like 1,2,3 etc....
But, I figured if phpBB did it, I could too, but I don't know much about security stuff.
I've tried entering a hacking attempt incase the username or password weren't the same but that backfired so I took it out.

I have it so you can fetch MySQL Info with the Session_id
and Check if the Session_username is the same as the name it fetched then it would create more sessions with the fetched mysql data.
Should I give you the common.php?
It fetches everything but the md5 password...

Right now I'm trying to create sessions so I can display usernames within the last 15 minutes etc...
Hopefully I can get it up when I open the site.

[Ancient]

I've just created a random 30 char code activation function so hopefully nobody will ever get to see them.