arbitter Posted April 1, 2010

Currently, the login on my site is determined by sessions. So practically each time you visit the site you have to log in again. Currently it's all done with sessions, so each page contains session_start() in the beginning (not to lose the session).

Now, I want to go and make it all with cookies. The problem is, I really don't know how to do this. I have a really difficult login page, but I can't just 'make a cookie' in the middle of it, can I? A cookie needs to be set before any line of HTML, if I'm correct? So I could redirect the user to another site that makes the cookie right after he logs in, but that would mean everybody could visit that URL and get a cookie. How do I do this? And if I use cookies, I can delete all the session_start()'s, and I'll only need the $_COOKIE if it is necessary to be logged in to do a certain function?

Secondly, what do you guys recommend to put in the cookie? I thought making 1 cookie with only the email address would be enough, but a tutorial I searched used multiple cookies. (In case of multiple cookies, should I compare those with each other to verify a login?)

And yet another question: are you allowed to write some PHP handling before you SET a cookie? For example, to first check if a form was fully filled (not empty) or not, and with that in mind make the cookie or not?

I'm new to cookies. I made my first one yesterday, concerning a user-choice-color, and it worked (after ages of trying only to find out it was a typo). I hope this question is not too much to ask; you can give a little description and I'll try to do it by that (though I'm very clumsy). Any help will be much appreciated!

DLR Posted April 1, 2010

Hi, I have had no problem putting cookies in the "middle" of a script. Just watch out for the "headers already sent" type message if you output before a header. There's quite a lot on this sort of problem in the tutorials. In particular read the tutorial on security (by DanielO) - to avoid giving away the house as well.

Simply put, I think you can create your cookies wherever - but be mindful of security - it may be that Sessions is a better way to do the job. A little longer, but probably more secure.

JustLikeIcarus Posted April 1, 2010

Ideally you should create a session and store its id, login time, expiration, etc... in the database. Then use a cookie which contains the session id. If the session exists in the db and hasn't expired then the user is still logged in. Here is a simple session class which does some of what I am talking about.

```php
class SessionDB {
    private $db;
    private $data = null;
    private $session_id = null;
    private $minutes_to_expire = 3600; // TIME TO MAINTAIN DATA ON DB

    // $db: an open PDO connection to the MySQL database holding tb_session_db
    public function __construct(PDO $db) {
        global $SESSION;
        $this->db = $db;
        // Accept a cookie value only if it has the format of the IDs generated below
        if (isset($_COOKIE['session_id']) && preg_match('/^[0-9a-f]{32}$/', $_COOKIE['session_id'])) {
            $this->session_id = $_COOKIE['session_id'];
        } else {
            $this->session_id = bin2hex(random_bytes(16)); // GENERATE A RANDOM ID (CSPRNG, 32 hex chars)
            setcookie('session_id', $this->session_id);
            $stmt = $this->db->prepare("INSERT INTO `tb_session_db` (`session_id`, `updated_on`) VALUES (?, NOW())");
            $stmt->execute([$this->session_id]);
        }
        // Load the stored data; prepared statements keep the cookie value out of the SQL text
        $stmt = $this->db->prepare("SELECT `value` FROM `tb_session_db` WHERE `session_id` = ?");
        $stmt->execute([$this->session_id]);
        $value = $stmt->fetchColumn();
        $this->data = is_string($value) ? unserialize($value) : null;
        $SESSION = $this->data;
    }

    // Delete rows that have not been updated within the retention window
    private function expire() {
        $date_to_delete = date("Y-m-d H:i:s", time() - 60 * $this->minutes_to_expire);
        $stmt = $this->db->prepare("DELETE FROM `tb_session_db` WHERE `updated_on` <= ?");
        $stmt->execute([$date_to_delete]);
    }

    // Write the session data back when the object goes out of scope
    public function __destruct() {
        global $SESSION;
        $this->data = serialize($SESSION);
        $stmt = $this->db->prepare("UPDATE `tb_session_db` SET `value` = ?, `updated_on` = NOW() WHERE `session_id` = ?");
        $stmt->execute([$this->data, $this->session_id]);
        $this->expire();
    }
}
```

arbitter Posted April 1, 2010 Author

Whoa, this all sounds really difficult. If I use JustLikeIcarus's method, isn't it the same as only using sessions, but then much more difficult? Thanks for the tips, and I'll most certainly go search for that tutorial!
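
The approach JustLikeIcarus describes above (a random ID in the cookie, with the user and the expiration kept in the database and checked on every request), as an added example that is not part of any post in this thread. The `login_tokens` table, the `login_token` cookie name, the function names and the in-memory SQLite database are assumptions chosen so the example runs on its own (PHP 7.3+ with pdo_sqlite).

```php
<?php
// Added example; table, cookie and function names are hypothetical.
function create_schema(PDO $db): void {
    // Only a SHA-256 hash of the token is stored, so a leaked table cannot be replayed as cookies.
    $db->exec('CREATE TABLE login_tokens (
        token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)');
}

// Call once the password check has succeeded and before any output is sent.
function issue_login_token(PDO $db, int $userId, int $ttl = 1209600): string {
    $token = bin2hex(random_bytes(32)); // 256 random bits, says nothing about the user
    $db->prepare('INSERT INTO login_tokens VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $userId, time() + $ttl]);
    if (PHP_SAPI !== 'cli') { // no HTTP response to attach a cookie to on the command line
        setcookie('login_token', $token, ['expires' => time() + $ttl, 'path' => '/',
            'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
    }
    return $token;
}

// Returns the user id for a known, unexpired token, otherwise null.
function user_from_token(PDO $db, ?string $token): ?int {
    if ($token === null || !preg_match('/^[0-9a-f]{64}$/', $token)) {
        return null; // missing or malformed cookie value
    }
    $stmt = $db->prepare('SELECT user_id FROM login_tokens WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $userId = $stmt->fetchColumn();
    return $userId === false ? null : (int) $userId;
}

// Logout: delete the row so the cookie value stops working server-side.
function revoke_token(PDO $db, string $token): void {
    $db->prepare('DELETE FROM login_tokens WHERE token_hash = ?')->execute([hash('sha256', $token)]);
}

// Constructed demo data
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
create_schema($db);
$valid   = issue_login_token($db, 42);
$expired = issue_login_token($db, 42, -60); // already past its expiry time
// In a page, pass $_COOKIE['login_token'] ?? null instead of these variables.
var_dump(user_from_token($db, $valid));
var_dump(user_from_token($db, $expired));
var_dump(user_from_token($db, 'user@example.com')); // cookie holding only an email address
revoke_token($db, $valid);
var_dump(user_from_token($db, $valid));
```

Because the cookie value is looked up server-side, a cookie that contains only an email address, or any other value the visitor can guess or type in, never maps to a user.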