cookies

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
dwfait
Forum Contributor
Posts: 113
Joined: Sun Aug 01, 2004 10:36 pm

cookies

Post by dwfait »

Hi again. Im going to be using cookies to see wether a person is logged in or not. When they log in, it will store their entered username/password into a cookie, and then on everypage load it will get the username from the cookie, and then check the database for the username and password..in other words logging in every page load.

Is this a good idea?

If so, how would i put 2 variables into one cookie, or would i need to have 2 cookies? one for username and one for password?

Also, what happens when the cookie expires? does the cookie still exist? if so, how do you check if the cookie is expired, so i can create a "your login session has expired" page.

Thanks a lot.
prov
Forum Newbie
Posts: 10
Joined: Thu Mar 25, 2004 9:13 pm
Location: Providence, RI
Contact:

Post by prov »

I believe the cookie will be in the same file, but you have to set them by two separate setcookie functions.

One possible problem with storing passwords into cookies is that sometimes it could be leaked to someone, either remotely or just by reading the cookie. I would strongly not recommend you store passwords into cookies for logins that are sensitive, such as accounts with SSNs and credit card numbers.
dwfait
Forum Contributor
Posts: 113
Joined: Sun Aug 01, 2004 10:36 pm

Post by dwfait »

what type of system would you recomend for accounts that contain such information?
burzvingion
Forum Newbie
Posts: 11
Joined: Sun Apr 18, 2004 2:30 pm

Post by burzvingion »

I'd use sessions instead. just put session_start() somewhere at the top of the page and then once a user logs in (and is authenticated) do something like $_SESSION['username'] = whatever and then for the logout page destroy the session. Read about them here [php_man]session[/php_man]
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

I don't recommend having to do with credit cards anywhere on your site. Unless your a guru of course :P
dwfait
Forum Contributor
Posts: 113
Joined: Sun Aug 01, 2004 10:36 pm

Post by dwfait »

im afraid its essential. Im part of a amsll games development team, and im the lead games programmer. Ive just started learning PHP to be able to code a system for the site aswell, where you can create accounts with us, accounts hich will also be used by players in-game, so you can have control over your gaming account from the website. Eventually, i hope to make it so that people can order our games through the system, but that wont be for a while, so a simple session controlled login will do for now :).
dwfait
Forum Contributor
Posts: 113
Joined: Sun Aug 01, 2004 10:36 pm

Post by dwfait »

do you need to specify the cookes in the <head> part in the code?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

cookies are normally sent through the http headers, which are outside the html or anything the user can normally see..
Post Reply