Page 1 of 1

Cookie question

Posted: Sat Jun 16, 2007 9:46 pm
by pinehead18
I'm editing some code for the first time in a while (not my code) and i'm not familar with cookies.

Code: Select all

setcookie($this->CFG['cookie']['starting_text'].'_user_name', $this->fields_arr['user_name'], time()+60*60*24*365, '/');
This is what it is.

I'm writing a news script and basically i need to see if the user is logged in (cookie is set)

So do i want to see if cfg['cookie'] is set or do you guys have any ideas?

Posted: Sat Jun 16, 2007 10:13 pm
by Arawn
That doesn't look go from a security perspective.

As to your question, check into $this->fields_arr['user_name'] which should contain the user's name but really not enough information.

Posted: Sat Jun 16, 2007 10:33 pm
by superdezign
You don't want to use cookies at all. At any point, a user could alter a cookie because it is on their computer, which is not at all secure. What you want are sessions.

Posted: Sun Jun 17, 2007 12:55 am
by tecktalkcm0391
superdezign wrote:You don't want to use cookies at all. At any point, a user could alter a cookie because it is on their computer, which is not at all secure. What you want are sessions.
Agree... sessions are better.