cookies

Posted: Tue Aug 03, 2004 12:14 pm
by dwfait
Hi again. I'm going to be using cookies to see whether a person is logged in or not. When they log in, it will store their entered username/password into a cookie, and then on every page load it will get the username from the cookie, and then check the database for the username and password... in other words, logging in every page load.

Is this a good idea?

If so, how would I put 2 variables into one cookie, or would I need to have 2 cookies? One for username and one for password?

Also, what happens when the cookie expires? Does the cookie still exist? If so, how do you check if the cookie is expired, so I can create a "your login session has expired" page?

Thanks a lot.

Posted: Tue Aug 03, 2004 12:28 pm
by prov
I believe the cookie will be in the same file, but you have to set them by two separate setcookie functions.

One possible problem with storing passwords into cookies is that sometimes it could be leaked to someone, either remotely or just by reading the cookie. I would strongly not recommend you store passwords into cookies for logins that are sensitive, such as accounts with SSNs and credit card numbers.

Posted: Tue Aug 03, 2004 12:40 pm
by dwfait
What type of system would you recommend for accounts that contain such information?

Posted: Tue Aug 03, 2004 2:09 pm
by burzvingion
I'd use sessions instead. Just put session_start() somewhere at the top of the page and then, once a user logs in (and is authenticated), do something like $_SESSION['username'] = whatever, and then for the logout page destroy the session. Read about them in the PHP manual under "session".
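
The session approach from the post above, as an added example that is not part of the original thread: only a random session id goes into the cookie, the username stays server-side, and an idle timeout gives the "your login session has expired" case asked about earlier. The `$users` array, `IDLE_LIMIT`, and the function names `login`, `logout` and `current_user` are hypothetical; the site is assumed to be served over HTTPS on PHP 7.3 or later.

```php
<?php
// Added example, not code from the thread. Requires PHP 7.3+.
const IDLE_LIMIT = 1800; // assumed idle timeout in seconds
// Constructed sample account standing in for the database lookup.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

session_set_cookie_params([
    'lifetime' => 0,      // session cookie: discarded when the browser closes
    'path'     => '/',
    'secure'   => true,   // sent over HTTPS only (assumes the site uses HTTPS)
    'httponly' => true,   // not readable from page scripts
    'samesite' => 'Lax',
]);
session_start(); // call before any output: the cookie is sent in the HTTP headers

function login(array $users, string $name, string $password): bool
{
    $hash = $users[$name] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);     // fresh id after authentication (session fixation)
    $_SESSION['username']  = $name;  // the password is never stored in the session or cookie
    $_SESSION['last_seen'] = time();
    return true;
}

function logout(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

// Returns the logged-in username or null; $expired is set when an idle login timed out.
function current_user(bool &$expired = false): ?string
{
    if (!isset($_SESSION['username'])) {
        return null;
    }
    if (time() - $_SESSION['last_seen'] > IDLE_LIMIT) {
        logout();
        $expired = true;
        return null;
    }
    $_SESSION['last_seen'] = time();
    return $_SESSION['username'];
}
```

A protected page calls `current_user($expired)` at the top and shows the expiry notice when `$expired` is true, or the login form when the result is null.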

Posted: Tue Aug 03, 2004 3:32 pm
by John Cartwright
I don't recommend having to do with credit cards anywhere on your site. Unless you're a guru of course :P

Posted: Tue Aug 03, 2004 3:37 pm
by dwfait
I'm afraid it's essential. I'm part of a small games development team, and I'm the lead games programmer. I've just started learning PHP to be able to code a system for the site as well, where you can create accounts with us, accounts which will also be used by players in-game, so you can have control over your gaming account from the website. Eventually, I hope to make it so that people can order our games through the system, but that won't be for a while, so a simple session-controlled login will do for now :).

Posted: Tue Aug 03, 2004 7:16 pm
by dwfait
Do you need to specify the cookies in the <head> part in the code?

Posted: Tue Aug 03, 2004 7:28 pm
by feyd
Cookies are normally sent through the HTTP headers, which are outside the HTML or anything the user can normally see.