sessions and cookies
Posted: Mon Aug 23, 2004 5:19 am
Hi
I'm using sessions to store user information after logging in. Of course, when the user closes his browser window, the session is destroyed. Next time the user visits my site, he has to log in again.
Now I want the "remember me" feature when logging in. So I've made a login form that has the "remember me" option that sets a cookie wich contains the username and the password (secured of course).
Now I wondered if I need to check the username/pass on every page of my website again before storing the cookie data in a session. Or is it safe to assume that the cookie information is correct?
And if I do the check on every page, assuming I have a lot of users browsing, wouldn't that be too demanding for the server?
I'm using sessions to store user information after logging in. Of course, when the user closes his browser window, the session is destroyed. Next time the user visits my site, he has to log in again.
Now I want the "remember me" feature when logging in. So I've made a login form that has the "remember me" option that sets a cookie wich contains the username and the password (secured of course).
Now I wondered if I need to check the username/pass on every page of my website again before storing the cookie data in a session. Or is it safe to assume that the cookie information is correct?
And if I do the check on every page, assuming I have a lot of users browsing, wouldn't that be too demanding for the server?