记住，密码的哈希实际上与他们的密码相同。窃取哈希值的人对用户的帐户具有相同的访问权限，就像他们窃取了密码一样。因此，除非使用用于验证的cookie存储了一些其他信息（不是），否则不应将用户密码的哈希存储在Cookie中。因子认证）。

Remember, the hash of the password is effectively the same as their password. Somebody who stole the hash would have the same access to the user's account as if they had stolen their password. Therefore it is not advisable to store a hash of the user's password in a cookie unless there was some other information not stored with the cookie that is used to authenticate (i.e. 2-factor authentication).