Hi again. Im going to be using cookies to see wether a person is logged in or not. When they log in, it will store their entered username/password into a cookie, and then on everypage load it will get the username from the cookie, and then check the database for the username and password..in other words logging in every page load.
Is this a good idea?
If so, how would i put 2 variables into one cookie, or would i need to have 2 cookies? one for username and one for password?
Also, what happens when the cookie expires? does the cookie still exist? if so, how do you check if the cookie is expired, so i can create a "your login session has expired" page.
Thanks a lot.
cookies
Moderator: General Moderators
I believe the cookie will be in the same file, but you have to set them by two separate setcookie functions.
One possible problem with storing passwords into cookies is that sometimes it could be leaked to someone, either remotely or just by reading the cookie. I would strongly not recommend you store passwords into cookies for logins that are sensitive, such as accounts with SSNs and credit card numbers.
One possible problem with storing passwords into cookies is that sometimes it could be leaked to someone, either remotely or just by reading the cookie. I would strongly not recommend you store passwords into cookies for logins that are sensitive, such as accounts with SSNs and credit card numbers.
-
burzvingion
- Forum Newbie
- Posts: 11
- Joined: Sun Apr 18, 2004 2:30 pm
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
im afraid its essential. Im part of a amsll games development team, and im the lead games programmer. Ive just started learning PHP to be able to code a system for the site aswell, where you can create accounts with us, accounts hich will also be used by players in-game, so you can have control over your gaming account from the website. Eventually, i hope to make it so that people can order our games through the system, but that wont be for a while, so a simple session controlled login will do for now
.