localhost Posted July 22, 2006

Say you are developing a very important web application that requires multiple users signing up and being at this website a lot. Which would you recommend for security and no annoyance of being logged out?

What are the pros and cons of each one?

Joe Haley Posted July 22, 2006

Both.

Use sessions for active user sessions, and a 'remember me' system for letting users gain a user session without actively logging in.

A 'remember me' cookie is commonly the username and encrypted password, allowing you to check for the cookie when initializing sessions and such.

I personally wouldn't store a password in there. I would store a unique id alongside the user's information in a DB / flat file, and set the cookie to that value (and modify both values to a new unique id every time a new active session is created).

digitalgod Posted July 22, 2006

Yeah, that's exactly what I do:

[code]
<?php
if ($remember == "yes") {
    $_SESSION['remember'] = $uname;
    setcookie("remember", $uname, time() + 31449600, "/", $site_address);
} else {
    $_SESSION['remember'] = $uname;
}
?>
[/code]

Joe Haley Posted July 22, 2006 Share Posted July 22, 2006 [quote author=digitalgod link=topic=101440.msg401533#msg401533 date=1153533975]yeah that's exactly what I do[code]<?phpif ($remember == "yes") { $_SESSION['remember']=$uname; setcookie("remember",$uname,time()+31449600,"/",$site_address); } else { $_SESSION['remember']=$uname; }?>[/code][/quote]If $uname only contains their username, thats bad, as anyone can use that information to login to their session. Quote Link to comment Share on other sites More sharing options...