User Login - Keeping track of a logged user?


objN00B

I'm fairly new to PHP scripting, have a few books. Just bought a new hardcopy of PHP Cookbook (PHP5), got a few other books in PDF. Anyhow...

I wanna explore the best ways of keeping and checking if a user is logged in or requires authentication, through PHP scripting.

Some ways I've thought about are,

Cookies. Setting a temporary cookie that expires when the browser closes, or at a specific time determined by the user or coder. Check login cookie, if exists user is logged in, else redirect to login form.

Pros: effective, low overhead. Cons: cookies must be enabled.

**Now, I'm not sure how secure cookies are by means if cookies can be replicated to act authentic.

Database Entries. INSERT data into table that tracks users by login date time. If query returns user check date with a predetermined expiration date. Etc.

Pros: logs without extra coding. Cons: extra coding, unnecessary use of the DBMS

These are the ideas I've been tossing around in my noggin. I'm sure there is a practical and secure way of validating a current login. Maybe I can create and use session variables to keep track of login status.

I'm looking for the most practical, efficient, and secured way of handling login validation. Any input would be great, thanks!

For sensitive and important data like user login information, I'd strongly recommend the use of sessions, because cookie values can be changed by any amateur hacker, whereas sessions (which are identified by a cookie via PHPSESSID) are far more difficult to change. Furthermore, to find the value of the PHPSESSID cookie you need a man-in-the-middle attack, which is way more difficult than changing the value of your cookie.

So the bottom line is, only use a cookie to store unimportant things, whereas using a session is much safer since nobody can change the value of the linked session variables.

Just forget about the database for handling user login information. It's not practical.
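
The session-based login tracking recommended in the reply, as an added example that is not part of the original thread. It assumes PHP 7.3 or later; the function names, the idle limit, the demo user and the `/login.php` URL are hypothetical.

```php
<?php
declare(strict_types=1);
const IDLE_LIMIT = 1800; // assumed: seconds of inactivity before re-login

function start_login_session(): void
{
    // The browser only holds the random PHPSESSID; login state stays server-side.
    ini_set('session.use_strict_mode', '1'); // refuse IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends when the browser closes
        'secure'   => true,   // HTTPS only; set false only for local HTTP testing
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function log_in(array $user, string $password): bool
{
    if (!password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true); // fresh ID at login, old session data deleted
    $_SESSION['user_id'] = $user['id'];
    $_SESSION['last_seen'] = time();
    return true;
}

function current_user_id(): ?int
{
    $last = $_SESSION['last_seen'] ?? 0;
    if (!isset($_SESSION['user_id']) || time() - $last > IDLE_LIMIT) {
        $_SESSION = []; // never logged in, or idle too long
        return null;
    }
    $_SESSION['last_seen'] = time();
    return $_SESSION['user_id'];
}

// Constructed demo user; a real application loads this row from its user store.
$demoUser = ['id' => 7, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)];

start_login_session();
$password = (string) ($_POST['password'] ?? '');
if (current_user_id() === null && !log_in($demoUser, $password)) {
    header('Location: /login.php'); // hypothetical login form URL
    exit;
}
echo 'Logged in as user ', current_user_id();
```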

Archived

This topic is now archived and is closed to further replies.
