cookie or session?

[ohdang888]

whats better... cookie or session?

 

I want to store an member 'id' number in the session or cookie

[shocker-z]

I always use sessions and have been lead to beleive they are more secure. I find them very easy to deal with and no browser issues.

 

Regards

Liam

[unsider]

sessions would probably be better for something like that, especially if you want to retrieve things like "time online", "last date visited", etc...

 

EDIT: and what shocker said.

[ohdang888]

alright! sessions it is. I've been trying that anyways...

 

my code is below. But one problem. I don't think the session is beginning because when i click logout, (all it contains is session_destroy().) then its say that error:trying to destory a session that doesn't exist. whats wrong?

 

Login.php

session_start();

mysql_connect("localhost", "", "") or die(mysql_error());
mysql_select_db("members") or die(mysql_error());

//remove slashes
$email=stripslashes($_POST['email']);
$password=stripslashes($_POST['password']);
//encrypt password
$encpass = md5($password);

mysql_real_escape_string($email);
mysql_real_escape_string($password);

$sql="SELECT * FROM `users` WHERE email='$email' and password='$encpass'";

$result=mysql_query($sql);

$count=mysql_num_rows($result);

$user_info = mysql_fetch_array($result);
$id = stripslashes($user_info['id']);

if($count==1){
// if user login is successful then create session and direct to members.php
$_SESSION['email']=$email;
$_SESSION['id']=$id;
echo "<meta http-equiv='refresh' content='0;url=member_home.php'>";

}else {
// if user login is wrong direct to failed.php
session_destroy();
echo "<meta http-equiv='refresh' content='0;url=failed.php'>";

}

 

 

[shocker-z]

have you got session_start() on all your pages?

 

try echoing the sessions back before you run destoy or instead of then you have diagnosed whither or not the sessions have been passed and therefore exist.

 

Regards

Liam

[ohdang888]

ok. i have that solved now. thanks

 

 

BUT.

i don't want to start a session for poeople not logged in. This is what my site is like...

 

 

non-members can access:

games, cannot leave comments

home page

contact pages

 

members can access everything nonmembers can, plus:

member profile pages

member home page

they can leave comments on games

etc.

 

Soooo..... i'm confused about the session_start on every page,

 

Won't that start a session for people who aren't logged in??... Or does that not matter, becasue then the ID number stored in a member session won't be there????????

 

[shocker-z]

well start the session for all but validate on if $_SESSION['id'] exists as if it doesnt then there not logge din and it will never exist if they are not logged in.

 

Regards

Liam

[ohdang888]

awesome! thanks for helping dude!

 

one more question.

 

i have

<?php session_start(); ?> on the "topmenu.php" which is included on every single page.

 

but on the first page i am going to (the homepage) i am getting this error:

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\index.php:2) in C:\xampp\htdocs\include\topmenu.php on line 1

 

I'm logged out, and cleared all cookies and data in my IE, but its still doing that error

 

whats wrong?

 

P.S.- thanks for helping me!