Jump to content

Is sessions secure and how do I stay logged in?


XeroXer

Recommended Posts

Hi there!

For my test community site I use sessions to set if user is logged in and so on.
Is this a secure way or can one somehow change the session settings or maybe check what they are set to?

By using sessions my users get logged out every time they close the webbrowser.
Can I somehow set a cookie without storing any "unsafe" info in it so that the user can stay loggd in.

I was thinking sopmething like if they check the box "Remember me" I set a cookie containng the userid and the md5 password.
And when they later return without the session info set the scripts searches for the cookie and if it is found it checks it with the mysql server and if correct the sessions are set again.
Is this a secure and good way to do it?
You could do it that way, I think it would be fine. Only thing I would do, is if you have someone that is an admin, you can have them retype in there password to go into an admin section. Storing the md5 password should be fine. I know alot of forum programs do it this way.

Ray

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.