alex3, posted August 16, 2009

Hi, I currently have a fully working site that just uses sessions, but I'm looking to add cookies. I know how to add cookies and check for them; the problem is I can't think of the proper 'order' to do things. What I *think* should happen is this:

1. User logs in. If the 'remember' box isn't checked, just create a new session and proceed as normal.
2. If the 'remember' box isn't checked, set a cookie that lasts a month (or whatever) and then create a new session.
3. (This is where I'm struggling) If a user returns, check for the cookie and if they have one, just create another session and proceed as normal.
4. Throughout the user's visit to the site, only check for a SESSION variable, only check for a cookie on login.php.

The trouble is that third point; isn't it easy to forge a cookie, and therefore to get easy access to the site? What should I put in the cookie, the username, the password? Should I create a number of cookies?

sKunKbad, posted August 16, 2009

See the docs: session_set_cookie_params()

You can extend the life of your session beyond when the user closes their browser, with a persistent session cookie.

alex3 (author), posted August 16, 2009

So, from looking at the docs, am I right in saying all I need to do is add a session_set_cookie_params function at the top of the first page the user logs in to? I have a login page (call it login.php), a page to process the login which is called via AJAX (call it login-process.php), and then a page which is protected; the first page a user sees when they log in (index.php). I should add session_set_cookie_params at the top of index.php? How would I transfer the information to index.php from login_proc.php that the user wants to be remembered?

Sorry for the questions, I just had no idea this route existed so I can't grasp it fully at the moment. (As an addition, I'm on a shared server, so would there be a problem in trying to extend PHP session lifetimes?)

sKunKbad, posted August 19, 2009

It goes before session_start() on any script that calls session_start().
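
The approach suggested in the thread, written out as an added example (not code from any poster): the session cookie carries only a random session ID, never the username or password, and its lifetime is chosen at login. The include name, function names, the private save path and the use of HTTPS are assumptions; the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// session-bootstrap.php (hypothetical shared include): every script requires this
// instead of calling session_start() directly. Needs PHP 7.3+ for the array form.

const REMEMBER_LIFETIME = 30 * 24 * 3600; // "a month", as in the first post

function start_app_session(bool $remember = false): void
{
    $lifetime = $remember ? REMEMBER_LIFETIME : 0; // 0 = cookie dies with the browser

    // Server-side session data must outlive the cookie, or garbage collection
    // removes it first. On shared hosting a private save path (assumed here; it
    // must exist and be writable) keeps other sites' GC from expiring our sessions.
    ini_set('session.gc_maxlifetime', (string) REMEMBER_LIFETIME);
    ini_set('session.save_path', __DIR__ . '/../private/sessions');
    ini_set('session.use_strict_mode', '1'); // ignore session IDs the server never issued

    // Must be called before session_start().
    session_set_cookie_params([
        'lifetime' => $lifetime,
        'path'     => '/',
        'secure'   => true,   // assumes the site is served over HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// login-process.php: call only after the credentials have been verified.
function complete_login(int $userId, bool $remember): void
{
    start_app_session($remember);
    session_regenerate_id(true); // fresh ID; its cookie uses the lifetime set above
    $_SESSION['user_id'] = $userId;
}

// index.php and every other protected page.
function require_login(): int
{
    start_app_session();
    if (empty($_SESSION['user_id'])) {
        header('Location: /login.php');
        exit;
    }
    return (int) $_SESSION['user_id'];
}
```

PHP sends the session cookie only when it issues a new ID, so the expiry chosen in login-process.php stays in the browser and index.php does not need to be told whether the user asked to be remembered.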
This topic is now archived and is closed to further replies.