XeroXer Posted December 28, 2006 Share Posted December 28, 2006 Hi there!For my test community site I use sessions to set if user is logged in and so on.Is this a secure way or can one somehow change the session settings or maybe check what they are set to?By using sessions my users get logged out every time they close the webbrowser.Can I somehow set a cookie without storing any "unsafe" info in it so that the user can stay loggd in.I was thinking sopmething like if they check the box "Remember me" I set a cookie containng the userid and the md5 password.And when they later return without the session info set the scripts searches for the cookie and if it is found it checks it with the mysql server and if correct the sessions are set again.Is this a secure and good way to do it? Link to comment https://forums.phpfreaks.com/topic/32047-is-sessions-secure-and-how-do-i-stay-logged-in/ Share on other sites More sharing options...
craygo Posted December 28, 2006 Share Posted December 28, 2006 You could do it that way, I think it would be fine. Only thing I would do, is if you have someone that is an admin, you can have them retype in there password to go into an admin section. Storing the md5 password should be fine. I know alot of forum programs do it this way.Ray Link to comment https://forums.phpfreaks.com/topic/32047-is-sessions-secure-and-how-do-i-stay-logged-in/#findComment-148745 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.