Yeodan Posted May 2, 2009 Share Posted May 2, 2009 Some login cookie questions: It seems impossible to store more than 1 value in a cookie, is this correct? So I have to make multiple cookies to store multiple values? What values should I store in my cookie? I'm making a MMORPG browser game. I think I need player name + password, wich are both required to log in. Is this correct? Is it safe to store the password in a cookie? Should I encrypt it or not? If I encrypt it, is that safe? Doesn't sound very safe to me either way. Link to comment https://forums.phpfreaks.com/topic/156596-solved-login-cookie-help/ Share on other sites More sharing options...
Ken2k7 Posted May 2, 2009 Share Posted May 2, 2009 I wouldn't include a password value in a cookie. You can have more than one value in a cookie. Create an array of values, then serialize it before putting it into a cookie. Link to comment https://forums.phpfreaks.com/topic/156596-solved-login-cookie-help/#findComment-824529 Share on other sites More sharing options...
Yeodan Posted May 2, 2009 Author Share Posted May 2, 2009 then how should I make a login cookie if I can't include the password? Link to comment https://forums.phpfreaks.com/topic/156596-solved-login-cookie-help/#findComment-824543 Share on other sites More sharing options...
Ken2k7 Posted May 2, 2009 Share Posted May 2, 2009 Why do you need to include the password? Sounds more like an architecture problem. Link to comment https://forums.phpfreaks.com/topic/156596-solved-login-cookie-help/#findComment-824545 Share on other sites More sharing options...
Yeodan Posted May 2, 2009 Author Share Posted May 2, 2009 I'm also getting this weird error: Warning: Cannot modify header information - headers already sent by (output started at /home/mortalas/public_html/login.php:7) in /home/mortalas/public_html/includes/login.php on line 110 line 110: setcookie("MApNumber", $number, time()+32000000); Link to comment https://forums.phpfreaks.com/topic/156596-solved-login-cookie-help/#findComment-824547 Share on other sites More sharing options...
Yeodan Posted May 2, 2009 Author Share Posted May 2, 2009 Why do you need to include the password? Sounds more like an architecture problem. How will I validate the user without the password? I can't just let anyone who has a cookie log in, cookies are easy to make! Link to comment https://forums.phpfreaks.com/topic/156596-solved-login-cookie-help/#findComment-824550 Share on other sites More sharing options...
Ken2k7 Posted May 2, 2009 Share Posted May 2, 2009 I'm also getting this weird error: Warning: Cannot modify header information - headers already sent by (output started at /home/mortalas/public_html/login.php:7) in /home/mortalas/public_html/includes/login.php on line 110 line 110: setcookie("MApNumber", $number, time()+32000000); Can you post the lines before that? Also, have you heard of SESSIONS? Link to comment https://forums.phpfreaks.com/topic/156596-solved-login-cookie-help/#findComment-824553 Share on other sites More sharing options...
Yeodan Posted May 2, 2009 Author Share Posted May 2, 2009 there's quite a lot of code in front of it, why? what conditions should be met to be able to set a cookie? yes I've heard of sessions, my site uses sessions to log in users I want to use cookies to remember the user next time he wants to play Link to comment https://forums.phpfreaks.com/topic/156596-solved-login-cookie-help/#findComment-824562 Share on other sites More sharing options...
Philip Posted May 2, 2009 Share Posted May 2, 2009 output started at /home/mortalas/public_html/login.php:7 Means it will be on line 7 Remember the sticky for header errors: http://www.phpfreaks.com/forums/index.php/topic,37442.0.html Link to comment https://forums.phpfreaks.com/topic/156596-solved-login-cookie-help/#findComment-824564 Share on other sites More sharing options...
Ken2k7 Posted May 2, 2009 Share Posted May 2, 2009 there's quite a lot of code in front of it, why? what conditions should be met to be able to set a cookie? yes I've heard of sessions, my site uses sessions to log in users I want to use cookies to remember the user next time he wants to play Set a cookie with a value of something like: array('id' => 'userid', 'name' => 'username', 'status' => 'registered') And anything else you need. No need to put password. You should be able to reference the user by that alone. Heck, I would set sessions with those values. Link to comment https://forums.phpfreaks.com/topic/156596-solved-login-cookie-help/#findComment-824567 Share on other sites More sharing options...
Yeodan Posted May 2, 2009 Author Share Posted May 2, 2009 so what if some registered player looks at his cookie and replaces his number with a random other number? he'll have access to the other account ... my sessions use: session id, player number, player ip for the cookies I just want to use the player number and password and I want the cookie to handle the login in stead of the form so ppl don't have to log in each time they visit the site Link to comment https://forums.phpfreaks.com/topic/156596-solved-login-cookie-help/#findComment-824568 Share on other sites More sharing options...
Ken2k7 Posted May 3, 2009 Share Posted May 3, 2009 You can include in a unique session id that's only for one user. It can be like a sha1(username + password + random_letters) or something like that. Get creative! Link to comment https://forums.phpfreaks.com/topic/156596-solved-login-cookie-help/#findComment-824572 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.