vijdev Posted August 9, 2010 Share Posted August 9, 2010 after authenticating username and password,i have a parameter like: $_SESSION['logged']=1 should i be storing this as a cookie?..if yes, then can anyone modify cookie, to have this parameter as "1", and gain access? Link to comment https://forums.phpfreaks.com/topic/210260-sessions-vs-cookies-for-authentication-storage/ Share on other sites More sharing options...
gizmola Posted August 9, 2010 Share Posted August 9, 2010 No, you should use sessions. Sessions already default to using cookies to pass the session id between requests, but the session data remains on the server, so there's no way the user can tamper with it. Link to comment https://forums.phpfreaks.com/topic/210260-sessions-vs-cookies-for-authentication-storage/#findComment-1097237 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.