Jump to content

Recommended Posts


i have a webpage set up for secure socket layer. I know want to tighten it down by using a password.
I use to use just a login and then set a cookie to say that the user had logged in, then have an isset function on the start of each page.

Is this still the best way to do things or should I use some other method?
Link to comment
https://forums.phpfreaks.com/topic/6570-should-i-just-use-cookies/
Share on other sites

Use cookies AND sessions to ensure the best security. You have
cookie_username
cookie_userid
cookie_login (username+md5(pw))

session_login
session_username
session_userid

Cookies can be edited, so you always want to make your code refer to the SESSION variables, NOT the cookies. You want to check on each page that the cookie login and username MATCH the session login and username.

If the session doesn't exist, you get the info from the database using the cookie info and set the session.

Otherwise, someone can change their cookie to whatever they want and if you don't verify it against the session, they'll get in.
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.