Solved

From session to cookies (PHP)

Posted on 2011-02-19
6
293 Views
Last Modified: 2012-05-11
Hello.

My site is entirely session based (you login, and than session is started and some session variables are generated needed for all to work (like $_SESSION['username']).

I would like to upgrade to cookies, where user would be able to login for either cookie that expires when browser is closed either cookie that is stored for a month or something.

What would be easiest and best way to upgrade, any tips?
0
Comment
Question by:GVNPublic123
  • 3
  • 2
6 Comments
 
LVL 36

Accepted Solution

by:
Loganathan Natarajan earned 500 total points
ID: 34931972
This is good tutorial to use cookie and session, try it
0
 

Author Comment

by:GVNPublic123
ID: 34932002
Also, what values should I use in cookie?

Can I use cookies and session combined?
0
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 34932018
yes you can very well combine to use cookies and session.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:GVNPublic123
ID: 34932027
What data should I save in cookies?
0
 
LVL 4

Expert Comment

by:LAMASE
ID: 34932241
I suggest to save the session data in a db, because cookie are plain text and can be stolen/read easily. In addition, the cookie data is passed for EVERY REQUEST (images too) to your server, and with a lot of data this is not a good practice.

I suggest to save the data in a db associated with the session_id, and then manipulate the lifetime of the session cookie (just re-set with the same name, content etc with a modified end-date)
http://php.net/manual/en/function.setcookie.php
0
 

Author Comment

by:GVNPublic123
ID: 34932484
Ok,

My cookies (2) are:
- username
- sha1 combination of some user's data (including salt)

All my members area sites require session data, therefore first its checked that user is logged in and has session data, if not cookie is checked and validated, session data created, cookie extended for 7 days.

Login has option of either session or cookies.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now