[SOLVED] User Auth Question

[lalabored]

Is it better to use Cookies for a user authentication script or Sessions? Which one is more secure?

[john010117]

Sessions. Read more about them here

[lalabored]

But aren't sessions temporary? Is there a way I can make them non-temporary?

[john010117]

Sessions last as long as the browser is open and the user is active. The sessions gets "destroyed" when the user either logs out or they close the browser. That's why it's more secure.

 

However, cookies can last forever if you coded it to. But the problem is, a user (potentially a hacker) can see the cookies that they have easily in their browsers. Also, cookies won't work for the very few people who blocks all cookies.

[jitesh]

If you need permenent login then you may follow this

 

When user login set values in session and persistent cookie.

Use session at all.

Now when user come again to login or session time out fetch the values from cookie and make auto login.

 

If you do not found cookie set then ask to user to login.

[lalabored]

Oh I see. Thanks!