JonathanAnon Posted April 4, 2006
I have a webpage set up for secure socket layer. I now want to tighten it down by using a password. I used to use just a login and then set a cookie to say that the user had logged in, then have an isset function on the start of each page. Is this still the best way to do things or should I use some other method?

trq Posted April 4, 2006
I would think that most authentication systems use sessions, but really, there isn't a great deal of difference. As long as you're checking the values in the cookie against a database or some other data store on the server.

Jessica Posted April 4, 2006
Use cookies AND sessions to ensure the best security. You have
cookie_username
cookie_userid
cookie_login (username+md5(pw))
session_login
session_username
session_userid
Cookies can be edited, so you always want to make your code refer to the SESSION variables, NOT the cookies. You want to check on each page that the cookie login and username MATCH the session login and username.
If the session doesn't exist, you get the info from the database using the cookie info and set the session.
Otherwise, someone can change their cookie to whatever they want and if you don't verify it against the session, they'll get in.
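
The per-request check described in the post above, as an added example that is not part of the original thread: pages trust only the session, and a cookie is accepted only after it is checked against server-side data. It swaps the username+md5(pw) cookie value for a random login token stored as a SHA-256 hash; that substitution, the function name `authenticate`, the `demo_user_store` helper and the sample user are assumptions made up for this example.

```php
<?php
// Added example: every name and value here is constructed for illustration.

// Stand-in for the users table: userid => username and SHA-256 of the login token.
function demo_user_store(string $token): array {
    return [7 => ['username' => 'alice', 'token_hash' => hash('sha256', $token)]];
}

// Verify or rebuild the login state for one request.
// $cookie and $session stand in for $_COOKIE and $_SESSION.
function authenticate(array $cookie, array &$session, array $users): bool {
    $cookieId = (int)($cookie['userid'] ?? 0);
    $cookieHash = hash('sha256', is_string($cookie['login'] ?? null) ? $cookie['login'] : '');

    if (isset($session['userid'])) {
        // Session exists: the cookie must still match it, otherwise drop the login.
        if ($cookieId === $session['userid'] && hash_equals($session['login'], $cookieHash)) {
            return true;
        }
        $session = [];
        return false;
    }

    // No session yet: check the cookie against the server-side store.
    if (!isset($users[$cookieId]) || !hash_equals($users[$cookieId]['token_hash'], $cookieHash)) {
        return false;
    }
    // Only server-side values go into the session; pages read these, not the cookie.
    $session = ['userid' => $cookieId, 'username' => $users[$cookieId]['username'],
                'login' => $users[$cookieId]['token_hash']];
    return true;
}

$token = bin2hex(random_bytes(16));   // random token issued at login (assumption)
$users = demo_user_store($token);
$session = [];

// Valid cookie, no session yet: session is built from the store.
var_dump(authenticate(['userid' => '7', 'login' => $token], $session, $users));
var_dump($session['username']);
// Edited cookie against the existing session: rejected and session cleared.
var_dump(authenticate(['userid' => '7', 'login' => 'edited'], $session, $users));
var_dump($session);
```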