sessions and cookies

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
bytte
Forum Commoner
Posts: 75
Joined: Sun Nov 23, 2003 8:20 am
Location: Belgium

sessions and cookies

Post by bytte »

Hi

I'm using sessions to store user information after logging in. Of course, when the user closes his browser window, the session is destroyed. Next time the user visits my site, he has to log in again.
Now I want the "remember me" feature when logging in. So I've made a login form that has the "remember me" option that sets a cookie wich contains the username and the password (secured of course).

Now I wondered if I need to check the username/pass on every page of my website again before storing the cookie data in a session. Or is it safe to assume that the cookie information is correct?
And if I do the check on every page, assuming I have a lot of users browsing, wouldn't that be too demanding for the server?
User avatar
Meteo
Forum Newbie
Posts: 24
Joined: Sun Jan 18, 2004 10:19 am
Contact:

Post by Meteo »

I'm a fan of using cookies over sessions, what I do is I made a function that checks the cookie information with the user and pass in the database, and I run that function on every page. so, yes, I'd check the information on every page. some people might know some things about cookies that I dont, but I think it's safer, and it's possible to edit the contents of a cookie as the user, it's just a text file. I just have it check that info, and if the stuff doesn't check out, then unset the cookie and header to the index or something.
User avatar
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

You could make a page with the cookie/session check and include it on all the pages u wish to check for username.

I would assign the cookie value to a session var. somehting like:

Code: Select all

<?php
if ($_COOKIE['username']) {
$_SESSION['username'] = $_COOKIE['username'];
$user = $_SESSION['username'];
}
if ($_SESSION['username']) {
$user = $_SESSION['username'];
}

// maybe set-up some type of flag system
?>
then use a isset/empty function to see if the session var is present.

You should do an if-else, and the else you could die the error so the page isnt displayed, just the error.

my .02
Post Reply