MDanz Posted July 18, 2012 Share Posted July 18, 2012 I currently have it that when a user logs in their username and userid are stored in a cookie. As this isn't the most secure method i now plan on changing the method; When the user logs in, a unique token is saved in the cookie. The username, userid, banned boolean and unique token are stored a session. The token in the cookie has to match the token in the session to be logged in. I've thought about storing the token in the database? Alot of times in my code i quickly require the username and userid, so storing in a session is the most logical idea to me instead of always querying the database. Anyway, is my method appropriate?; if not, what is a proven method? I understand that if i want to do 'remember me' i have to have the token stored in the db? Any help appreciated. Link to comment https://forums.phpfreaks.com/topic/265885-storing-username-and-userid-in-cookies-or-sessions/ Share on other sites More sharing options...
awjudd Posted July 18, 2012 Share Posted July 18, 2012 Why not just use PHP's built in sessions? http://php.net/session ~awjudd Link to comment https://forums.phpfreaks.com/topic/265885-storing-username-and-userid-in-cookies-or-sessions/#findComment-1362380 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.