Jcart wrote: The simplest way is to create some kind of key and store this in the users table,
then compare the key with the one in the cookie.
We have talked about this many times before,
have you looked at any of the previous threads?
I have also seen the use of a special table
where userid and several cookiedata are stored.
This table is used for some security matching tests. A special key called 'serial' is checked/updated on each visit,
to prevent the use of a 'stolen cookie' ('cookie theft').
Here is the article:
Improved Persistent Login Cookie Best Practice
http://jaspan.com/improved_persistent_login_cookie_best_practice
I have also seen a PHP web application that uses an implementation of this approach, referring to the article.
But I can't remember which one it is.
Now, cookie theft does not happen too often.
And for a normal website we may do well with some less complicated cookie controls.
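
The table-based check described above, as an added example that is not part of the original post: a Python sketch assuming the linked article's layout of a series identifier (the post's 'serial') that stays fixed plus a token that is rotated on every visit. The in-memory table, the function names and the hashing of the stored token are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# In-memory stand-in for the "special table": (user_id, series) -> token hash.
# A real application would use a database table with the same columns.
remember_table = {}

def _digest(token):
    # Store only a hash so a leaked table cannot be replayed as cookies
    # (an addition in this example).
    return hashlib.sha256(token.encode()).hexdigest()

def issue_cookie(user_id, series=None):
    """Create (or rotate) a persistent-login cookie value for user_id."""
    series = series or secrets.token_urlsafe(16)
    token = secrets.token_urlsafe(32)
    remember_table[(user_id, series)] = _digest(token)
    return f"{user_id}:{series}:{token}"

def check_cookie(cookie):
    """Return (status, new_cookie); status is 'ok', 'theft' or 'invalid'."""
    parts = cookie.split(":")
    if len(parts) != 3:
        return "invalid", None
    user_id, series, token = parts
    stored = remember_table.get((user_id, series))
    if stored is None:
        return "invalid", None
    if hmac.compare_digest(stored, _digest(token)):
        # Valid: keep the series, rotate the token for the next visit.
        return "ok", issue_cookie(user_id, series)
    # Known series but stale token: the cookie was copied and one copy has
    # already been used. Revoke every persistent login for this user.
    for key in [k for k in remember_table if k[0] == user_id]:
        del remember_table[key]
    return "theft", None
```

On a 'theft' result the application would also end the current session and ask the user to log in with their password again.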