themistral Posted December 14, 2007 Share Posted December 14, 2007 "Keep me logged in" option... I'm trying to decide on whether to have this feature on a site I am developing at the moment...seeing as browsers are offering the ability to save passwords, do we as developers need to offer that on the website? I know we should still offer a choice but I'd be interested to get other's opinions on this! Do users tend to trust their browser or the website more - do they even care! Quote Link to comment Share on other sites More sharing options...
phpSensei Posted December 14, 2007 Share Posted December 14, 2007 Just use COOKIES if the user has set to be kept online, and sessions if not. That simple. Also, NEVER PUT PASSWORDS IN COOKIES OR SESSIONS!!! Quote Link to comment Share on other sites More sharing options...
corbin Posted December 14, 2007 Share Posted December 14, 2007 phpSensei, I'm not sure whether or not you meant plain text passwords or passwords period. If you meant plain text passwords, that would be correct in my opinion, but just putting a username in a cookie is generally a horrible idea since cookies are easily edited. Sessions are stored server side and only the session ID is transfered, so basically anything in a session should be safe unless on some page you're echoing out the session data or someone jacks the session. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.