Best way to handle user login

[Aegidius]

Hi all.

 

I'm new to PHP language and I'd like to know which is the best way to handle the user login.

 

With cookies or with sessions?

 

Do you know some example on the web that I could inspire on? I just know how to do it in both way, I just wanna know which is the best way and like to read some code written by a pro.

[ManiacDan]

Sessions are tracked using a cookie.

 

A session is what's used to maintain a user's state through a single "visit" to your website, which can span multiple page loads.  Without a session, you have no way of knowing that the user is returning to the site over and over again.

 

Once the user closes his browser window or turns off his computer, the session is destroyed (there are other ways for this to happen as well).  You can set an "auto-login" cookie to log the user back into the site the next time he visits automatically.  This is a security risk though, so make sure to read up on how to properly do it so you don't end up passing dangerous data in the cookies.

 

-Dan

[Aegidius]

Thanks for the answer.

 

I have another 2 questions.

 

If the user want to be remembered, what should I save in the cookie? Is it correct to save the user ip address in the db and the username in the cookie, so when i read the cookie with the username i can check if the ip address corresponds?

 

If I use the session_set_save_handler, i must define where the session variables are saved?

[ManiacDan]

1)  Yeah, sure.  Generally I save a hash of IP, user-agent, username, and unique ID in the cookie.

 

2)  You don't need to, generally, but yes.

 

-Dan

[Aegidius]

Thank you very muck for the answer.

 

You are really kindly.