GVNPublic123
asked on
From session to cookies (PHP)
Hello.
My site is entirely session based (you login, and than session is started and some session variables are generated needed for all to work (like $_SESSION['username']).
I would like to upgrade to cookies, where user would be able to login for either cookie that expires when browser is closed either cookie that is stored for a month or something.
What would be easiest and best way to upgrade, any tips?
My site is entirely session based (you login, and than session is started and some session variables are generated needed for all to work (like $_SESSION['username']).
I would like to upgrade to cookies, where user would be able to login for either cookie that expires when browser is closed either cookie that is stored for a month or something.
What would be easiest and best way to upgrade, any tips?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
yes you can very well combine to use cookies and session.
ASKER
What data should I save in cookies?
I suggest to save the session data in a db, because cookie are plain text and can be stolen/read easily. In addition, the cookie data is passed for EVERY REQUEST (images too) to your server, and with a lot of data this is not a good practice.
I suggest to save the data in a db associated with the session_id, and then manipulate the lifetime of the session cookie (just re-set with the same name, content etc with a modified end-date)
http://php.net/manual/en/function.setcookie.php
I suggest to save the data in a db associated with the session_id, and then manipulate the lifetime of the session cookie (just re-set with the same name, content etc with a modified end-date)
http://php.net/manual/en/function.setcookie.php
ASKER
Ok,
My cookies (2) are:
- username
- sha1 combination of some user's data (including salt)
All my members area sites require session data, therefore first its checked that user is logged in and has session data, if not cookie is checked and validated, session data created, cookie extended for 7 days.
Login has option of either session or cookies.
My cookies (2) are:
- username
- sha1 combination of some user's data (including salt)
All my members area sites require session data, therefore first its checked that user is logged in and has session data, if not cookie is checked and validated, session data created, cookie extended for 7 days.
Login has option of either session or cookies.
ASKER
Can I use cookies and session combined?