Channel: PHP Freaks: PHP Help

Login secure?


Hello freaks,

 

In this new project of mine I'm trying to make things as elegant as possible, so I'm trying to avoid any hashing and long strange-looking strings and other types of stuff that just scares the crap out of users that know no better. I've just thought of a way to keep users logged in without hashing any cookies, but I am not quite sure how secure it is. The way it works is whenever a user logs in, I create a cookie in his browser named User_ID which only contains the numeric value of his ID in the database. Now the other thing I do is save his I.P. address in the database under the field "ip_last_login". That way, when the user opens the website again, as well as his ID, his IP will be checked with the last logged IP, and if they don't match, the cookie is deleted. Note that every time the user logs in from different IPs (using his password), the last login IP column is updated.


What I want to ask is if it is vulnerable to XSS attacks or any other type of attacks, because there might be some cracks in this type of system that I'm not aware of.

Thank you in advance.
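
The scheme described in the post, next to a server-side random token, as an added example that is not part of the original post. `User_ID` and `ip_last_login` come from the post; the function names, the `session` cookie name, the in-memory arrays standing in for database tables, and the sample addresses are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: stands in for the users table from the post.
$users = [42 => ['name' => 'alice', 'ip_last_login' => '203.0.113.7']];

// The check as described in the post: numeric User_ID cookie + last login IP.
// Everything it compares is either public (the ID) or shared (the address).
function checkIdCookie(array $users, array $cookies, string $remoteIp): ?int
{
    $id = (int) ($cookies['User_ID'] ?? 0);
    if (!isset($users[$id]) || $users[$id]['ip_last_login'] !== $remoteIp) {
        return null; // the post deletes the cookie at this point
    }
    return $id;
}

// Alternative (hypothetical helper): the cookie carries an unguessable random
// token; the server keeps only its SHA-256 digest, the user ID and an expiry.
function issueToken(array &$sessions, int $userId, int $ttl = 86400): string
{
    $token = bin2hex(random_bytes(32));
    $sessions[hash('sha256', $token)] = ['user' => $userId, 'expires' => time() + $ttl];
    // Send it with setcookie('session', $token, ['httponly' => true,
    // 'secure' => true, 'samesite' => 'Lax']) so page scripts cannot read it.
    return $token;
}

function checkToken(array $sessions, array $cookies): ?int
{
    $digest = hash('sha256', (string) ($cookies['session'] ?? ''));
    $row = $sessions[$digest] ?? null;
    return ($row !== null && $row['expires'] > time()) ? $row['user'] : null;
}

// Two browsers behind one NAT or proxy share 203.0.113.7 (constructed address).
$sessions = [];
$owner = ['User_ID' => '42', 'session' => issueToken($sessions, 42)];
$other = ['User_ID' => '42', 'session' => 'not-the-token'];

var_dump(checkIdCookie($users, $owner, '203.0.113.7'));  // account owner
var_dump(checkIdCookie($users, $other, '203.0.113.7'));  // other browser, same address
var_dump(checkIdCookie($users, $owner, '198.51.100.9')); // owner after an address change
var_dump(checkToken($sessions, $owner));                 // token issued at login
var_dump(checkToken($sessions, $other));                 // no valid token
```

The ID-plus-IP check cannot tell the two browsers apart and logs the owner out whenever the address changes; the token check depends only on a secret the server issued at login.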

