pedjasmek Posted November 5, 2007 Share Posted November 5, 2007 Can anyone tell me what is the best way to store sessions into database in order to recognize that user next time he access the site?I thought about IP address but then I remembered that it is different every time.What thing regarding a user is always the same? Quote Link to comment Share on other sites More sharing options...
poizn Posted November 5, 2007 Share Posted November 5, 2007 I think the only way to do this is to set a cookie. I'v been researching, just about the same thing and it looks like the only way to uniquely identify a PC (in PHP) is via a cookie. Quote Link to comment Share on other sites More sharing options...
Foser Posted November 5, 2007 Share Posted November 5, 2007 cookies is the best way. this will save something to the users browser. although this may be exploitable and a re-login might be the best option to protect your webpage. Quote Link to comment Share on other sites More sharing options...
pedjasmek Posted November 5, 2007 Author Share Posted November 5, 2007 Can I use sessions and cookies at the same time?I need sessions to store larger amount of information about a user Quote Link to comment Share on other sites More sharing options...
kratsg Posted November 5, 2007 Share Posted November 5, 2007 Have a log-in system... That way, a user has to log in, verify with database and pull all user info. Quote Link to comment Share on other sites More sharing options...
poizn Posted November 5, 2007 Share Posted November 5, 2007 Yes, yes you can Quote Link to comment Share on other sites More sharing options...
ToonMariner Posted November 5, 2007 Share Posted November 5, 2007 I use a log table for vistors/members. It stores their IP address and a 'large' random string. this string is also present in a client side cookie (if they accept cookies!) whne they return to the site and have this cookie I check that their IP address matches the last one they visited based on this string - if so its fairly certain to be that person - if not make them login again... Quote Link to comment Share on other sites More sharing options...
pedjasmek Posted November 5, 2007 Author Share Posted November 5, 2007 But most of the users have dynamic IP addresses so how can you have a match when the IP address is different each time a user is online? Quote Link to comment Share on other sites More sharing options...
ToonMariner Posted November 5, 2007 Share Posted November 5, 2007 its just a extar layer of security - if you are still on dial-up thats not my fault! most braod-band users will maintain an ip address for quite some time - at least where I live they do. Quote Link to comment Share on other sites More sharing options...
revraz Posted November 5, 2007 Share Posted November 5, 2007 I wouldn't say Most users, but I would say a good 20-30% would have their ip address change each time. But I think you missed his point. Even if it doesn't match, the worse case scenario is they have to re-log in. You can skip that part and only require cookies, it's entirely up to you. But most of the users have dynamic IP addresses so how can you have a match when the IP address is different each time a user is online? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.