Trium918 Posted May 3, 2007 Share Posted May 3, 2007 Question: Is it possible to use php to make cookies as secure and tight as a Dog A**!? Example from phpfreaks!! Always stay logged in.... __utma 29981182.1480628556.1178052174.1178133717.1178149801.6 phpfreaks.com/ 1600 2350186496 32111674 2568249184 29854996 * __utmz 29981182.1178052174.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none) phpfreaks.com/ 1600 111027328 29891482 1255515376 29854769 * __utmb 29981182 phpfreaks.com/ 1600 3427920000 29855000 2615909184 29854996 * Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 3, 2007 Share Posted May 3, 2007 Secure + Cookie = mismatch, cookies are not secure Quote Link to comment Share on other sites More sharing options...
obsidian Posted May 3, 2007 Share Posted May 3, 2007 Question: Is it possible to use php to make cookies secure and tight? Umm... cookies are cookies. No matter how you create them, they are still going to be able to be manipulated. How well you encode and protect your server side data tied to those cookies is up to you. Is it possible to create cookies that mean something to your user and nothing to anyone who may be able to hijack their cookie? Most likely not, unless you are, in addition to the cookie data, checking their IP address against their last known location to make sure they're still within a valid range. I'm afraid this question really needs a bit more explanation to give you anything useful to go try. Quote Link to comment Share on other sites More sharing options...
Trium918 Posted May 3, 2007 Author Share Posted May 3, 2007 Ok, that's a start. Question: What methods or what would either of you would use? Send me a direction where I can research. Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 3, 2007 Share Posted May 3, 2007 sessions (aka server side cookies) Quote Link to comment Share on other sites More sharing options...
Trium918 Posted May 3, 2007 Author Share Posted May 3, 2007 sessions (aka server side cookies) I am using this right now, but its a long ways from completion. <?php function check_valid_user() // see if somebody is logged in and notify them if not { // Check if user has been remembered if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){ $_SESSION['valid_user'] = $_COOKIE['cookname']; $_SESSION['password'] = $_COOKIE['cookpass']; } // Username and password have been set if(isset($_SESSION['valid_user']) && isset($_SESSION['password'])){ // Confirm that username and password are valid if(login($_SESSION['valid_user'], $_SESSION['password']) != 0){ // Variables are incorrect, user not logged in unset($_SESSION['valid_user']); unset($_SESSION['password']); return false; } return true; } // User not logged in else{ return false; } }// End of Function ?> Quote Link to comment Share on other sites More sharing options...
john010117 Posted May 3, 2007 Share Posted May 3, 2007 ...so what's your problem? Read more about sessions here Quote Link to comment Share on other sites More sharing options...
Trium918 Posted May 3, 2007 Author Share Posted May 3, 2007 ...so what's your problem? Read more about sessions here I have know problem yet, but I would like or was looking for more resources. This is the meaning for this topic. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.