jimfog Posted August 28, 2012 Share Posted August 28, 2012 Although I opened topic somewhere else, I wanted to open a separate topic about the question I am going to make. In persistent logins, the cookie holds also the username, does this act ALSO as the session ID? thanks. Link to comment Share on other sites More sharing options...
niche Posted August 28, 2012 Share Posted August 28, 2012 A var_dump() will give you your answer. Link to comment Share on other sites More sharing options...
jimfog Posted August 28, 2012 Author Share Posted August 28, 2012 I am still trying to build the mechanism, that is why I cannot use yet vardump to get the info i want. Link to comment Share on other sites More sharing options...
niche Posted August 28, 2012 Share Posted August 28, 2012 You just wanted to know whether the username acts as the session id in the cookies array. Since, cookies can out last a session and because I don't see anything in the array that id's the session, I think the answer is no. You can var_dump() any array anytime. Sometimes it helps to exit out of a script after a var_dump() to see the dump display. I think the $_SESSION array is persistent by definition unless it's destroyed. Link to comment Share on other sites More sharing options...
birbal Posted August 28, 2012 Share Posted August 28, 2012 cookie should not hold plain text username,user id,password. because cookie is editable and can be spoofed. so if anyone know your user id they have to do create a cookie of it and they can breach into your account.For that reason for persistent login a hashed of mixed of them used. the hash must have be different than your password. you may use user IP and unix timestamp of the user login. so every time it will be never same for different user or even for same user. you can think the hash of it as unique key. remember cookie is just a cookie.its behaviour is customized by you. php handle session cookies. there is no connection between them. in session cookie session id is stored. in remember cookie you store the hash or even if you store user id in cookie it will be ordinary cookie. Link to comment Share on other sites More sharing options...
justsomeguy Posted August 28, 2012 Share Posted August 28, 2012 Check part 2 of the first answer to this question: http://stackoverflow.com/questions/549/the-definitive-guide-to-forms-based-website-authentication#477579 The article that it links to is what you should be following if you decide you want to add this functionality. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.