alex3 Posted August 16, 2009

Hi, I currently have a fully working site that just uses sessions, but I'm looking to add cookies. I know how to add cookies and check for them; the problem is I can't think of the proper 'order' to do things. What I *think* should happen is this:

- User logs in. If the 'remember' box isn't checked, just create a new session and proceed as normal.
- If the 'remember' box isn't checked, set a cookie that lasts a month (or whatever) and then create a new session.
- (This is where I'm struggling) If a user returns, check for the cookie and if they have one, just create another session and proceed as normal.
- Throughout the user's visit to the site, only check for a SESSION variable; only check for a cookie on login.php.

The trouble is that third point; isn't it easy to forge a cookie, and therefore to get easy access to the site? What should I put in the cookie, the username, the password? Should I create a number of cookies?
sKunKbad Posted August 16, 2009

See the docs: session_set_cookie_params()

You can extend the life of your session beyond when the user closes their browser, with a persistent session cookie.
alex3 (Author) Posted August 16, 2009

So, from looking at the docs, am I right in saying all I need to do is add a session_set_cookie_params function at the top of the first page the user logs in to? I have a login page (call it login.php), a page to process the login which is called via AJAX (call it login-process.php), and then a page which is protected: the first page a user sees when they log in (index.php). I should add session_set_cookie_params at the top of index.php? How would I transfer the information to index.php from login_proc.php that the user wants to be remembered?

Sorry for the questions, I just had no idea this route existed so I can't grasp it fully at the moment. (As an addition, I'm on a shared server, so would there be a problem in trying to extend PHP session lifetimes?)
sKunKbad Posted August 19, 2009

It goes before session_start() on any script that calls session_start().
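The approach discussed in the thread, as an added example that is not part of any post: a shared include that always calls session_set_cookie_params() before session_start(), so the browser cookie carries only the random session ID and never a username or password. The file name, the function names, the `user_id` session key, the 30-day lifetime, PHP 7.3+ (array form of session_set_cookie_params()) and an HTTPS-only site are assumptions.

```php
<?php
// session_bootstrap.php (hypothetical name): include this everywhere instead
// of calling session_start() directly, so cookie params are always set first.

const REMEMBER_LIFETIME = 30 * 24 * 60 * 60; // "a month", in seconds (assumed)

function start_app_session(bool $remember = false): void
{
    // Server-side session data must outlive the persistent cookie. On shared
    // hosting with a shared save path, another site's garbage collection can
    // still purge it early; a private session.save_path avoids that.
    ini_set('session.gc_maxlifetime', (string) REMEMBER_LIFETIME);
    // Refuse session IDs the server did not issue (blocks planted IDs).
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => $remember ? REMEMBER_LIFETIME : 0, // 0 = browser session
        'path'     => '/',
        'secure'   => true,   // assumption: site is served over HTTPS
        'httponly' => true,   // cookie not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Called from the login handler once the credentials have been verified.
function log_in(int $userId, bool $remember): void
{
    start_app_session($remember);
    // Issue a fresh ID at login; the new cookie uses the params set above.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

// Called from protected pages: only the session is consulted.
function current_user_id(): ?int
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // PHP sends Set-Cookie only for a new or regenerated ID, so a
        // persistent cookie issued at login keeps its original expiry here.
        start_app_session();
    }
    return $_SESSION['user_id'] ?? null;
}
```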