dt_gry Posted October 12, 2008 Share Posted October 12, 2008 okay I understand on how to set expiration, path, secure, and all that. However I am wanting to store the username, login start time, and ip address in the users cookie. I am unsure of how to this but have thought of some ideas. 1. I could copy the username to the cookie, by doing form action but can I set more than one action for a form, my thought based off my reading is no. 2. I could just pass variables from the login script page to my set_cookie file. The only method I could find for that was by url and I dont like that idea for security reasons. Any suggestions guys? Am I even thinking of this correctly? Thanks dt_gry Quote Link to comment https://forums.phpfreaks.com/topic/128120-cookies-so-confused/ Share on other sites More sharing options...
Andy17 Posted October 12, 2008 Share Posted October 12, 2008 If you have your login script working, can't you just set 3 cookies where the login is successful? One for username, one for login start time, one for ip address. You would already have the username variable ready from your login check and I assume the login start time would just be time()? The IP would just be $_SERVER['REMOTE_ADDR']. So something like this, I imagine: <?php $time = 60 * 60 * 24 * 365 * 20 + time(); // Expiration date = 20 years // I assume you have a variable to the username set already setcookie('user_name_cookie', $username, $time); $time2 = time(); setcookie('user_start_time', $time2, $time); $ip = $_SERVER['REMOTE_ADDR']; setcookie('user_ip_address', $ip, $time); ?> I'm new to this myself so I could be way off. Worth a shot I guess. You should also consider using sha1() on your cookie values. Quote Link to comment https://forums.phpfreaks.com/topic/128120-cookies-so-confused/#findComment-663505 Share on other sites More sharing options...
.josh Posted October 12, 2008 Share Posted October 12, 2008 Better method would be to store all the information as a single encrypted string and have your script decrypt and separate it. I feel I should mention though that most browsers these days already have their own user/pass storage system in place, which makes not having "auto-logins" not that big of a deal. Sure, the user still has to physically click the login button, but IMO that's a good tradeoff for the potential security risks of storing that sort of info in cookies. Just throwing it out there. Quote Link to comment https://forums.phpfreaks.com/topic/128120-cookies-so-confused/#findComment-663559 Share on other sites More sharing options...
dt_gry Posted October 12, 2008 Author Share Posted October 12, 2008 Thanks guys, I will try out the 3 cookie idea, although it seems a little inefficient however I will use it till I find something better. Crayon Violent: I am wanting to only store the username really so that I can keep activity logs in a mysql database to monitor usage I am also storing ip address in the database. This is all to make sure that log-in accounts are not being shared or hacked. Thanks guy, any more ideas please let me know. dt_gry Quote Link to comment https://forums.phpfreaks.com/topic/128120-cookies-so-confused/#findComment-663587 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.