persistent login mechanism

[jimfog]

Although I opened topic somewhere else, I wanted to open a separate topic about the question I am going to make. In persistent logins, the cookie holds also the username, does this act ALSO as the session ID? thanks.

Edited August 28, 2012 by jimfog

[niche]

A var_dump() will give you your answer.

Edited August 28, 2012 by niche

[jimfog]

I am still trying to build the mechanism, that is why I cannot use yet vardump to get the info i want.

[niche]

You just wanted to know whether the username acts as the session id in the cookies array. Since, cookies can out last a session and because I don't see anything in the array that id's the session, I think the answer is no. You can var_dump() any array anytime. Sometimes it helps to exit out of a script after a var_dump() to see the dump display. I think the $_SESSION array is persistent by definition unless it's destroyed.

Edited August 28, 2012 by niche

[birbal]

cookie should not hold plain text username,user id,password. because cookie is editable and can be spoofed. so if anyone know your user id they have to do create a cookie of it and they can breach into your account.For that reason for persistent login a hashed of mixed of them used. the hash must have be different than your password. you may use user IP and unix timestamp of the user login. so every time it will be never same for different user or even for same user. you can think the hash of it as unique key. remember cookie is just a cookie.its behaviour is customized by you. php handle session cookies. there is no connection between them. in session cookie session id is stored. in remember cookie you store the hash or even if you store user id in cookie it will be ordinary cookie.

[justsomeguy]

Check part 2 of the first answer to this question: http://stackoverflow.com/questions/549/the-definitive-guide-to-forms-based-website-authentication#477579 The article that it links to is what you should be following if you decide you want to add this functionality.