themistral Posted December 14, 2007 Share Posted December 14, 2007 "Keep me logged in" option... I'm trying to decide on whether to have this feature on a site I am developing at the moment...seeing as browsers are offering the ability to save passwords, do we as developers need to offer that on the website? I know we should still offer a choice but I'd be interested to get other's opinions on this! Do users tend to trust their browser or the website more - do they even care! Link to comment https://forums.phpfreaks.com/topic/81737-saving-passwords/ Share on other sites More sharing options...
phpSensei Posted December 14, 2007 Share Posted December 14, 2007 Just use COOKIES if the user has set to be kept online, and sessions if not. That simple. Also, NEVER PUT PASSWORDS IN COOKIES OR SESSIONS!!! Link to comment https://forums.phpfreaks.com/topic/81737-saving-passwords/#findComment-415131 Share on other sites More sharing options...
corbin Posted December 14, 2007 Share Posted December 14, 2007 phpSensei, I'm not sure whether or not you meant plain text passwords or passwords period. If you meant plain text passwords, that would be correct in my opinion, but just putting a username in a cookie is generally a horrible idea since cookies are easily edited. Sessions are stored server side and only the session ID is transfered, so basically anything in a session should be safe unless on some page you're echoing out the session data or someone jacks the session. Link to comment https://forums.phpfreaks.com/topic/81737-saving-passwords/#findComment-415134 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.