Cookies, or sessions?


3 replies to this topic

#1 localhost


Posted 22 July 2006 - 01:25 AM

Say you are developing a very important web application that requires multiple users signing up and being at this website A LOT. Which would you recommend for security and no annoyance of being logged out?

What are the pros and cons to each one?

#2 Joe Haley


Posted 22 July 2006 - 01:37 AM

Both.

Use sessions for active user sessions, and a 'remember me' system for letting users gain a user session without actively logging in.

A 'remember me' cookie is commonly the username and encrypted password, allowing you to check for the cookie when initializing sessions and such.

I personally wouldn't store a password in there. I would store a unique id alongside the user's information in a DB / Flatfile, and set the cookie to that value (and modify both values to a new unique id every time a new active session is created).
Give a man a fish; you have fed him for today.  Teach a man to fish; and you have fed him for a lifetime
Don't teach men to program. Teach them to fish.

Please, try the RTFM solution before asking for help:
http://php.net/manual/en/index.php

#3 digitalgod


Posted 22 July 2006 - 02:06 AM

yeah that's exactly what I do

<?php
if ($remember == "yes") {
    $_SESSION['remember'] = $uname;
    // Persistent cookie holding $uname, valid for 31449600 seconds (364 days)
    setcookie("remember", $uname, time() + 31449600, "/", $site_address);
} else {
    $_SESSION['remember'] = $uname;
}
?>


#4 Joe Haley


Posted 22 July 2006 - 02:11 AM

yeah that's exactly what I do

<?php
if ($remember == "yes") {
    $_SESSION['remember'] = $uname;
    // Persistent cookie holding $uname, valid for 31449600 seconds (364 days)
    setcookie("remember", $uname, time() + 31449600, "/", $site_address);
} else {
    $_SESSION['remember'] = $uname;
}
?>


If $uname only contains their username, that's bad, as anyone can use that information to log in to their session.
Give a man a fish; you have fed him for today.  Teach a man to fish; and you have fed him for a lifetime
Don't teach men to program. Teach them to fish.

Please, try the RTFM solution before asking for help:
http://php.net/manual/en/index.php
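
The scheme described in post #2 (a random unique ID in the cookie, stored server-side and replaced every time it is used), as an added example that is not code from any poster in this thread. The function names and the in-memory `$store` array standing in for the DB / flat file are assumptions, and keeping only a SHA-256 hash of the ID on the server goes a step beyond what the post describes.

```php
<?php
// Added example. $store stands in for the DB / flat file and maps
// sha256(token) => [user id, expiry]; all function names are hypothetical.
const REMEMBER_TTL = 31449600; // same lifetime as the cookie in the thread

function issueRememberToken(array &$store, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32)); // unguessable, unlike a username
    $store[hash('sha256', $token)] = ['user' => $userId, 'expires' => $now + REMEMBER_TTL];
    return $token; // this value goes in the cookie
}

// Returns [userId, newToken] on success, null otherwise. Each token works once.
function redeemRememberToken(array &$store, string $cookieValue, int $now): ?array
{
    $key = hash('sha256', $cookieValue);
    if (!isset($store[$key])) {
        return null; // unknown, forged, or already used
    }
    $row = $store[$key];
    unset($store[$key]); // the old value is dead from here on
    if ($row['expires'] < $now) {
        return null;
    }
    return [$row['user'], issueRememberToken($store, $row['user'], $now)];
}

function sendRememberCookie(string $token, int $now): void
{
    setcookie('remember', $token, [
        'expires' => $now + REMEMBER_TTL, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Constructed walk-through: log in, return a minute later, then replay the old cookie.
$store = [];
$now = time();
$first = issueRememberToken($store, 42, $now);
[$user, $second] = redeemRememberToken($store, $first, $now + 60);
var_dump($user, $second !== $first);
var_dump(redeemRememberToken($store, $first, $now + 120));  // replay of the used value
var_dump(redeemRememberToken($store, 'localhost', $now));   // a bare username as cookie value
```

In a request handler, a successful redeem would be followed by `sendRememberCookie()` with the new token and by storing the user in `$_SESSION`.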



