Hi
I'm using sessions to store user information after logging in. Of course, when the user closes his browser window, the session is destroyed. Next time the user visits my site, he has to log in again.
Now I want the "remember me" feature when logging in. So I've made a login form that has the "remember me" option that sets a cookie which contains the username and the password (secured of course).
Now I wondered if I need to check the username/pass on every page of my website again before storing the cookie data in a session. Or is it safe to assume that the cookie information is correct?
And if I do the check on every page, assuming I have a lot of users browsing, wouldn't that be too demanding for the server?
sessions and cookies
I'm a fan of using cookies over sessions. What I do is I made a function that checks the cookie information with the user and pass in the database, and I run that function on every page. So, yes, I'd check the information on every page. Some people might know some things about cookies that I don't, but I think it's safer, and it's possible to edit the contents of a cookie as the user, it's just a text file. I just have it check that info, and if the stuff doesn't check out, then unset the cookie and header to the index or something.
You could make a page with the cookie/session check and include it on all the pages you wish to check for username.
I would assign the cookie value to a session var. Something like:
<?php
session_start(); // the session must be started before $_SESSION is used

// Copy the cookie value into the session if the cookie is present
if (!empty($_COOKIE['username'])) {
    $_SESSION['username'] = $_COOKIE['username'];
}
// Read the user name back from the session
if (!empty($_SESSION['username'])) {
    $user = $_SESSION['username'];
}
// maybe set-up some type of flag system
?>
then use an isset/empty function to see if the session var is present.
You should do an if-else, and the else you could die the error so the page isn't displayed, just the error.
my .02
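An added example, not code from any poster in this thread: instead of putting the username and password in the cookie, the cookie carries a random single-use token that is checked once, after which the session is trusted on later pages. The function names, the `remember` cookie name and the `$store` array standing in for a database table are assumptions.

```php
<?php
declare(strict_types=1);
// Issue a remember-me token; only a SHA-256 hash of the secret half is kept server-side.
function issueRememberToken(array &$store, string $username, int $now, int $ttl = 1209600): string {
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret, lives only in the cookie
    $store[$selector] = [
        'username' => $username,
        'hash'     => hash('sha256', $validator),
        'expires'  => $now + $ttl,
    ];
    return $selector . ':' . $validator;     // value for the remember-me cookie
}

// Validate a cookie value; returns the username or null. A token is single-use.
function redeemRememberToken(array &$store, string $cookie, int $now): ?string {
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    $row = $store[$parts[0]];
    unset($store[$parts[0]]);                // consumed whether or not it matches
    if ($row['expires'] < $now || !hash_equals($row['hash'], hash('sha256', $parts[1]))) {
        return null;
    }
    return $row['username'];
}

// Per-page check: use the session if it exists, otherwise fall back to the cookie once.
function currentUser(array &$session, array $cookies, array &$store, int $now): ?string {
    if (isset($session['username'])) {
        return $session['username'];         // no token lookup on this request
    }
    $raw  = $cookies['remember'] ?? null;
    $user = is_string($raw) ? redeemRememberToken($store, $raw, $now) : null;
    if ($user !== null) {
        $session['username'] = $user;        // later pages take the branch above
    }
    return $user;
}

// Constructed demo data: $store stands in for a database table, $session for $_SESSION.
$store = []; $session = []; $now = time();
$cookie = issueRememberToken($store, 'alice', $now);
var_dump(currentUser($session, ['remember' => $cookie], $store, $now)); // session created from cookie
var_dump(currentUser($session, [], $store, $now));                       // session only, no lookup
$fresh = [];
var_dump(currentUser($fresh, ['remember' => 'alice:guess'], $store, $now)); // forged cookie rejected
```

In a real page, pass `$_SESSION` and `$_COOKIE`, and after a successful redeem issue a new token and send it with `setcookie()` using the `httponly` and `secure` options.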