lalabored Posted May 4, 2007 Share Posted May 4, 2007 Is it better to use Cookies for a user authentication script or Sessions? Which one is more secure? Quote Link to comment Share on other sites More sharing options...
john010117 Posted May 4, 2007 Share Posted May 4, 2007 Sessions. Read more about them here Quote Link to comment Share on other sites More sharing options...
lalabored Posted May 4, 2007 Author Share Posted May 4, 2007 But aren't sessions temporary? Is there a way I can make them non-temporary? Quote Link to comment Share on other sites More sharing options...
john010117 Posted May 4, 2007 Share Posted May 4, 2007 Sessions last as long as the browser is open and the user is active. The sessions gets "destroyed" when the user either logs out or they close the browser. That's why it's more secure. However, cookies can last forever if you coded it to. But the problem is, a user (potentially a hacker) can see the cookies that they have easily in their browsers. Also, cookies won't work for the very few people who blocks all cookies. Quote Link to comment Share on other sites More sharing options...
jitesh Posted May 4, 2007 Share Posted May 4, 2007 If you need permenent login then you may follow this When user login set values in session and persistent cookie. Use session at all. Now when user come again to login or session time out fetch the values from cookie and make auto login. If you do not found cookie set then ask to user to login. Quote Link to comment Share on other sites More sharing options...
lalabored Posted May 5, 2007 Author Share Posted May 5, 2007 Oh I see. Thanks! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.