[SOLVED] COOKIE or SESSION?

[Northern Flame]

Before I was told that if I want to create a "keep me logged in" feature

I needed to use cookies. But should I also use cookies to store the user

info? Or should I use SESSION like I have been using?

[p2grace]

If you can, I'd use sessions.  Sessions are far more secure than using cookies.  Cookies are for more permanent data, but are stored on the client-side.  Where sessions are global variables while the window is open and stored on the server-side which makes them more secure.

[revraz]

You can store whatever you like, as long as you feel comfortable with what you are checking when they come back.  It can be anything, even a code.  Usually its just 1 or 2 items, since once they are on your site, you can check their info in the DB for updated info.

 

Like if you were to store their Admin level in a cookie, what happens when you put them down to a normal user, if their cookie always says Admin, then they can get to places they shouldn't after you remove that access.

[Northern Flame]

So I guess what I can do is store the users info in a session

and store "keep me logged in" in a cookie.

 

thanks for all the help!

[calabiyau]

Use both, I would say.  Sessions are most commonly used with cookie's in combination.  The session is the data stored on the server and the cookie is stored on the user's machine.  Only by recieving the "matching" cookie to go with the session does session work.  You can use sessions on their own and pass the data via the url but that comes with it's own set of security problems.

[revraz]

You would have to use a Cookie for that, since session data is lost when the browser closes.

 

 

and store "keep me logged in" in a cookie.

 

thanks for all the help!