Jump to content

Archived

This topic is now archived and is closed to further replies.

localhost

Cookies, or sessions?

Recommended Posts

Say you are developing a very important web application that requires multiple users signing up and being at this website ALOT. Which would you recommend for security and no annoyance of being logged out?

What are the pro's and con's to each one?

Share this post


Link to post
Share on other sites
Both.

Use sessions for active user sessions, and a 'remember me' system for letting users gain a user session without activly logging in.

A 'remember me' cookie is commonly the username and encrypted password, allowing you to check for the cookie when initializing sessions and such.

I personally woulnt store a password in there. i would store a unique id alongside the users information in a DB / Flatfile, and set the cookie to that value. (and modify both values to a new unique id every time a new active session is created)

Share this post


Link to post
Share on other sites
yeah that's exactly what I do

[code]
<?php
if ($remember == "yes") {
      $_SESSION['remember']=$uname;
  setcookie("remember",$uname,time()+31449600,"/",$site_address);
      }
      else {
      $_SESSION['remember']=$uname;
      }
?>
[/code]

Share this post


Link to post
Share on other sites
[quote author=digitalgod link=topic=101440.msg401533#msg401533 date=1153533975]
yeah that's exactly what I do

[code]
<?php
if ($remember == "yes") {
      $_SESSION['remember']=$uname;
  setcookie("remember",$uname,time()+31449600,"/",$site_address);
      }
      else {
      $_SESSION['remember']=$uname;
      }
?>
[/code]
[/quote]

If $uname only contains their username, thats bad, as anyone can use that information to login to their session.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.