Jump to content

Cookies


doddsey_65

Recommended Posts

When a user logs in it sets a cookie with their user id and sets the time they choose(either a session cookie or a cookie lasting one year for users who wish to stay logged in). when they select to stay logged in forever and close the browser the next time they open it, it tells them they arent logged in. however when they go to a new page they appear to be logged in. What i dont understand is why they have to go to a new page for it to say they are logged in. Here is the code which runs everytime the site is load

 

if (isset($_COOKIE['uid']))
{
    $user->setup($_COOKIE['uid']);
}

 

user setup basically selects their info from the database and sets their username and other info to variables.

 

Anyone know a better way to do this?

Link to comment
Share on other sites

I hope that $_COOKIE['uid'] isn't just an auto-increment value from your database table, as that would allow anyone to simply try a series of sequential numbers and easily appear to be anyone, even you when they find your uid value.

 

As to the stated login problem, it would take seeing enough of your code that duplicates the problem to determine what is causing it. Best guess is you have an error in your logic.

 

 

Link to comment
Share on other sites

uid is autoincrementing yes, i hadnt thought about it but this is a huge security issue. I could just add a cookie with an id of 2 and hope for the best, if not i could try with different ids. needs to be solved aswell then. anyway here is my code:

 

login_process.php

 

$session_length = $_POST['session_length']; // a value from the select options
$session_length !== 'no' ? $_SESSION['remember_me'] = 'yes' : $_SESSION['remember_me'] = 'no';

 

init.php

 

if($_SESSION['remember_me'] == 'yes' && !isset($_COOKIE['uid']))
{
    setcookie('uid', $_SESSION['uid'], time()+(((60*60)*24)*365));
}
elseif($_SESSION['remember_me'] == 'no' && !isset($_COOKIE['uid']))
{
    setcookie('uid', $_SESSION['uid'], 0);
}

if (isset($_COOKIE['uid']))
{
    $user->setup($_COOKIE['uid']);
    

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.