MDanz Posted July 18, 2012 Share Posted July 18, 2012 I currently have it that when a user logs in their username and userid are stored in a cookie. As this isn't the most secure method i now plan on changing the method; When the user logs in, a unique token is saved in the cookie. The username, userid, banned boolean and unique token are stored a session. The token in the cookie has to match the token in the session to be logged in. I've thought about storing the token in the database? Alot of times in my code i quickly require the username and userid, so storing in a session is the most logical idea to me instead of always querying the database. Anyway, is my method appropriate?; if not, what is a proven method? I understand that if i want to do 'remember me' i have to have the token stored in the db? Any help appreciated. Quote Link to comment https://forums.phpfreaks.com/topic/265885-storing-username-and-userid-in-cookies-or-sessions/ Share on other sites More sharing options...
awjudd Posted July 18, 2012 Share Posted July 18, 2012 Why not just use PHP's built in sessions? http://php.net/session ~awjudd Quote Link to comment https://forums.phpfreaks.com/topic/265885-storing-username-and-userid-in-cookies-or-sessions/#findComment-1362380 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.