Cookie e Sicurezza

[Anarchia_92]

Salve scusate il disturbo ma avrei bisogno di un aiutino per migliorare la sicurezza di cookie e sessioni... allora io ho il seguente script di login:

Codice PHP:

<?php
$link = "http://localhost";

require_once('./class/database.class.php');
require_once ('./class/security.class.php');
require_once('./functions/language.php');

$dbconnect = new Database();
$security = new Security();

$dbconnect->Connect();
$security->control_Post();
$security->control_Get();

session_start();

if ((isset($_SESSION['login']) == 1) or (isset($_COOKIE['username']) == 1)) {
    $username = $_COOKIE['username'];

    print($language['welcomeuser']);
    print("". $username);
    print("

<a href=\"esempiologout.php\">Logout</a>");
}
else {
?>

<form action="" method="post">
    <table width="75%" align="center">
        <tr>
            <td width="50%" height="30px" colspan="2" align="left"><?php print($language['welcome']); ?>[/b]</td>
        </tr>
        <tr>
            <td width="50%" height="30px" align="right"><?php print($language['username']); ?>:</td>
            <td width="50%" height="30px" align="left"><input type="text" name="username" /></td>
        </tr>
        <tr>
            <td width="50%" height="30px" align="right"><?php print($language['password']); ?>:</td>
            <td width="50%" height="30px" align="left"><input type="password" name="password" /></td>
        </tr>
        <tr>
            <td width="50%" height="30px" align="right"><?php print($language['remember']); ?>:</td>
            <td width="50%" height="30px" align="left"><input type="checkbox" name="remember"  checked="checked" /></td>
        </tr>
        <tr>
            <td align="center" colspan="2" height="30px" align="center"><input type="submit" value="Login" name="login" /></td>
        </tr>
    </table>
</form>

<?php
if (isset($_POST['login'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    $username = $security->control_Username($username);
    $password = $security->control_Password($password);

    $passwordcrypt = md5(sha1($password));

    $query = $dbconnect->Query("SELECT * FROM pp_users WHERE username='$username' AND password='$passwordcrypt'");
    $result = $dbconnect->fetchObject($query);

    if (!$result) {
        exit("Login is Failed!
Please try Again!");
    }
    else {
        if(isset($_POST['remember'])) {
            $link = str_replace("http://", "", $link);
            $site = str_replace("/", "", $link);
            
            setcookie('username', $username,  time() + 86400, '/', $site);

            print("Login Completed!");
        }
        else {
            $_SESSION['login'] = 1;
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $password;

            session_write_close();

            print("Login Completed!");
        }
    }
}
}
?>

ora visto che vengono inviate sessioni e in caso cookie vorrei capire come migliorare la sicurezza sia delle sessioni che dei cookie e in caso cosa c'è da modificare... grazie