frijole Posted March 18, 2008

If I am going to use a cookie to authenticate members of my site, what would be the best piece of info to use? The memberid? Also, with that strategy would my header say:

```php
if (isset($_COOKIE['memberid'])) {
    // show member content of the page
}
```

Is that secure? I hope this question makes sense, thanks for helping.

Jeremysr Posted March 18, 2008

I think you should store their member id and their encrypted password. Then on every single page you should check to make sure the user id matches the encrypted password. This is because it is easy for users to edit their cookies and view their cookies.

It's better to use sessions though. To the coder they work almost exactly the same, but a user can't edit session variables. So once you've checked their password you don't have to check it again.

Northern Flame Posted March 18, 2008

well cookies can be faked so you need to make it so that you can decode it and it will be hard to fake. maybe type in a random string and mix in the member id, something like:

nfitrn4ql5roqj432io4j23432oj42n-{member id}-enk34b32k5b3

(without the brackets) then do something like

```php
<?php
// Cookie format: {random string}-{member id}-{random string}
$blown = explode("-", isset($_COOKIE['memberid']) ? $_COOKIE['memberid'] : '');
// cast to int so the cookie value cannot inject SQL into the query below
$id = isset($blown[1]) ? (int) $blown[1] : 0;
// then make sure the id is valid
$query = mysql_query("SELECT * FROM `table` WHERE `id` = '$id'");
// then show the content after checking if it exists
if ($query && mysql_num_rows($query) == 1) {
    // show content
} else {
    // show an error saying that his/her account was not found
}
?>
```

that's a simple example of how to do it, good luck.

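The point raised in the posts above, that a cookie holding a bare member id can be edited by the user, as an added example that is not part of the original thread: the cookie value carries an HMAC over the id and an expiry, so the server rejects any edited value. The key, function names and sample values are assumptions made for illustration.

```php
<?php
// Added example: HMAC-signed "memberid" cookie value.
// Assumption: a server-side secret loaded from configuration, never sent to the client.
const COOKIE_KEY = 'constructed-demo-key-replace-with-32-random-bytes';

// Build "memberid.expiry.mac"; the MAC covers both the id and the expiry.
function make_member_cookie(int $memberId, int $expires): string
{
    $payload = $memberId . '.' . $expires;
    return $payload . '.' . hash_hmac('sha256', $payload, COOKIE_KEY);
}

// Return the member id if the cookie is authentic and unexpired, otherwise null.
function verify_member_cookie(string $cookie, int $now): ?int
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return null; // malformed, e.g. a bare member id
    }
    [$id, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $id . '.' . $expires, COOKIE_KEY);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null; // edited or forged value
    }
    if ((int) $expires < $now) {
        return null; // signature is fine but the cookie has expired
    }
    return (int) $id;
}

// Constructed sample run from the command line: member 42, valid for one hour.
$now    = 1700000000;
$cookie = make_member_cookie(42, $now + 3600);
$forged = '1' . substr($cookie, strlen('42')); // user changes the id from 42 to 1

var_dump(verify_member_cookie($cookie, $now));        // case: untouched cookie
var_dump(verify_member_cookie($forged, $now));        // case: edited member id
var_dump(verify_member_cookie($cookie, $now + 7200)); // case: past the expiry
var_dump(verify_member_cookie('42', $now));           // case: bare id with no signature
```

In a page handler the inputs would be `$_COOKIE['memberid'] ?? ''` and `time()`. Signing stops a user from editing the value but not from copying a stolen cookie, so the expiry bounds how long a copied cookie remains usable.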
Northern Flame Posted March 18, 2008

> I think you should store their member id and their encrypted password. Then on every single page you should check to make sure the user id matches the encrypted password. This is because it is easy for users to edit their cookies and view their cookies.
>
> It's better to use sessions though. To the coder they work almost exactly the same, but a user can't edit session variables. So once you've checked their password you don't have to check it again.

even if the password is encrypted it's not that smart to put it in the cookie....

uniflare Posted March 18, 2008

sessions are much more effective for dealing with authentication.

sessions store session variables on the server in a file, the browser keeps a cookie with a unique id of that session (you don't have to use cookies, you can use _GET Queries as well), the session is usually terminated the moment the browser is closed in a default environment.

hope this helps,

frijole Posted March 19, 2008 (Author)

thanks for the info. I'll have to debate that one. From your guys' experience is it a hassle to use Sessions and require people to log in more often?

uniflare Posted March 19, 2008

sessions are much more secure than cookies as each session is uniquely identifiable, a cookie with a user/pass could quite literally be copied/pasted.

you could use a cookie with some encryption function with a salt for each particular ip address but that would be intensive and probably unnecessary.

it really depends what you're making, for eCommerce I would personally use cookie sessions; for standard public website scripts like forums I would use sessions AND Cookies with a selectable time limit similar to this website.

----

I believe sessions are much easier to use than cookies.

frijole Posted March 19, 2008 (Author)

what information does this site keep on the user's computer with cookies? Or, what might they use?

Archived
This topic is now archived and is closed to further replies.