NoDoze Posted June 21, 2007 Share Posted June 21, 2007 Is it possible and/or bad to have both of these at the same time on a website? I have cookies just to maintain username and password for a 30 day period. Then have the other user info saved in a session, then deleted when they close their browser. Is that ok? I also have these sessions validated via a mysql database of user info. Or am I thourougly confused....? Thanks! Link to comment https://forums.phpfreaks.com/topic/56598-sessions-and-cookies/ Share on other sites More sharing options...
virtuexru Posted June 21, 2007 Share Posted June 21, 2007 Yes, you should have both. You should validate against both too once a person visits a page, do an || (OR) function. Link to comment https://forums.phpfreaks.com/topic/56598-sessions-and-cookies/#findComment-279521 Share on other sites More sharing options...
NoDoze Posted June 21, 2007 Author Share Posted June 21, 2007 Cool...thought I was crazy myself...hehe I've never seen the || what is that and how does that work? I always thought it was just an "or"....as in "if" "else" "or".... Link to comment https://forums.phpfreaks.com/topic/56598-sessions-and-cookies/#findComment-279526 Share on other sites More sharing options...
virtuexru Posted June 21, 2007 Share Posted June 21, 2007 <?php if ($_SESSION['logged'] == "true" || $_COOKIE['logged'] == "true") { echo "Welcome"; } else { include('login.php'); } ?> Link to comment https://forums.phpfreaks.com/topic/56598-sessions-and-cookies/#findComment-279530 Share on other sites More sharing options...
NoDoze Posted June 25, 2007 Author Share Posted June 25, 2007 ok, this is cool....really helped alot...but I have another questions....it got me thinking As above: if ($_SESSION['logged'] == "true" || $_COOKIE['logged'] == "true") ...is an or statement... But I want to varify that the user has BOTH a cookie AND a session loged in the mysql database... Then depending on what they don't have, send them to the appropraite login page. Possible? Some sort of if, then, else statement, but in my head it becomes a convoluted mess...HELP! Thanks! Link to comment https://forums.phpfreaks.com/topic/56598-sessions-and-cookies/#findComment-282430 Share on other sites More sharing options...
NoDoze Posted June 26, 2007 Author Share Posted June 26, 2007 does anyone have any ideas? Link to comment https://forums.phpfreaks.com/topic/56598-sessions-and-cookies/#findComment-283495 Share on other sites More sharing options...
per1os Posted June 26, 2007 Share Posted June 26, 2007 I would really store the username and password (password md5'ed of course) in the session and or cookie and check against that each page load. Having a single variable "logged" as set to true, it is alot easier to spoof that than to spoof someone's password via an md5 hash. My 2 cents is stay away from the easy spoof and validate the user's information against the DB on each page call. If you want to verify they have both this would suffice <?php if (isset($_SESSION['logged']) && isset($_COOKIE['logged'])) Would probably work better. But as I stated before, I prefer to check the user credentials each page call for tighter security. Link to comment https://forums.phpfreaks.com/topic/56598-sessions-and-cookies/#findComment-283497 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.