NoDoze Posted June 21, 2007 Share Posted June 21, 2007 Is it possible and/or bad to have both of these at the same time on a website? I have cookies just to maintain username and password for a 30 day period. Then have the other user info saved in a session, then deleted when they close their browser. Is that ok? I also have these sessions validated via a mysql database of user info. Or am I thourougly confused....? Thanks! Quote Link to comment Share on other sites More sharing options...
virtuexru Posted June 21, 2007 Share Posted June 21, 2007 Yes, you should have both. You should validate against both too once a person visits a page, do an || (OR) function. Quote Link to comment Share on other sites More sharing options...
NoDoze Posted June 21, 2007 Author Share Posted June 21, 2007 Cool...thought I was crazy myself...hehe I've never seen the || what is that and how does that work? I always thought it was just an "or"....as in "if" "else" "or".... Quote Link to comment Share on other sites More sharing options...
virtuexru Posted June 21, 2007 Share Posted June 21, 2007 <?php if ($_SESSION['logged'] == "true" || $_COOKIE['logged'] == "true") { echo "Welcome"; } else { include('login.php'); } ?> Quote Link to comment Share on other sites More sharing options...
NoDoze Posted June 25, 2007 Author Share Posted June 25, 2007 ok, this is cool....really helped alot...but I have another questions....it got me thinking As above: if ($_SESSION['logged'] == "true" || $_COOKIE['logged'] == "true") ...is an or statement... But I want to varify that the user has BOTH a cookie AND a session loged in the mysql database... Then depending on what they don't have, send them to the appropraite login page. Possible? Some sort of if, then, else statement, but in my head it becomes a convoluted mess...HELP! Thanks! Quote Link to comment Share on other sites More sharing options...
NoDoze Posted June 26, 2007 Author Share Posted June 26, 2007 does anyone have any ideas? Quote Link to comment Share on other sites More sharing options...
per1os Posted June 26, 2007 Share Posted June 26, 2007 I would really store the username and password (password md5'ed of course) in the session and or cookie and check against that each page load. Having a single variable "logged" as set to true, it is alot easier to spoof that than to spoof someone's password via an md5 hash. My 2 cents is stay away from the easy spoof and validate the user's information against the DB on each page call. If you want to verify they have both this would suffice <?php if (isset($_SESSION['logged']) && isset($_COOKIE['logged'])) Would probably work better. But as I stated before, I prefer to check the user credentials each page call for tighter security. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.