Cookies

[doddsey_65]

When a user logs in it sets a cookie with their user id and sets the time they choose(either a session cookie or a cookie lasting one year for users who wish to stay logged in). when they select to stay logged in forever and close the browser the next time they open it, it tells them they arent logged in. however when they go to a new page they appear to be logged in. What i dont understand is why they have to go to a new page for it to say they are logged in. Here is the code which runs everytime the site is load

 

if (isset($_COOKIE['uid']))
{
    $user->setup($_COOKIE['uid']);
}

 

user setup basically selects their info from the database and sets their username and other info to variables.

 

Anyone know a better way to do this?

[PFMaBiSmAd]

I hope that $_COOKIE['uid'] isn't just an auto-increment value from your database table, as that would allow anyone to simply try a series of sequential numbers and easily appear to be anyone, even you when they find your uid value.

 

As to the stated login problem, it would take seeing enough of your code that duplicates the problem to determine what is causing it. Best guess is you have an error in your logic.

 

 

[doddsey_65]

uid is autoincrementing yes, i hadnt thought about it but this is a huge security issue. I could just add a cookie with an id of 2 and hope for the best, if not i could try with different ids. needs to be solved aswell then. anyway here is my code:

 

login_process.php

 

$session_length = $_POST['session_length']; // a value from the select options
$session_length !== 'no' ? $_SESSION['remember_me'] = 'yes' : $_SESSION['remember_me'] = 'no';

 

init.php

 

if($_SESSION['remember_me'] == 'yes' && !isset($_COOKIE['uid']))
{
    setcookie('uid', $_SESSION['uid'], time()+(((60*60)*24)*365));
}
elseif($_SESSION['remember_me'] == 'no' && !isset($_COOKIE['uid']))
{
    setcookie('uid', $_SESSION['uid'], 0);
}

if (isset($_COOKIE['uid']))
{
    $user->setup($_COOKIE['uid']);