Protecting users' accounts. What is a good way?

[ataria]

I want to use cookies, although, I am open to switch over to sessions.

 

What is a good way to ensure their information is safe and no one can gain access to their account?

 

-x-

 

 

Good / Bad way: Storing PHP session IDs in a cookie, and, a row in the database?

and have them match up? X:

[ataria]

Anyone? :X

[chocopi]

I think it would be better to use sessions as there are from what I know easier to do and also, I think cookies can be edited.

 

However, cookies obviously can last after the page has closed.

 

Try google

[ataria]

Yeah.

I want something that would keep them logged in at all times, unless they log out, of course.

 

[chocopi]

well i guess you could use cookies for that, and sessions for everything else, the best of both worlds

[ataria]

What would I use sessions for, though? :X

[chocopi]

just moving data across pages especially classified information. Sessions are great for temporary storage of infomation and they cant be hacked by the user