Is it necessary to set a session and cookie for user login?

Currently, I have my code in such a way that if a user logs in without choosing "remember me", a session is set when they login. If they choose "remember me", I set only a cookie and no session. Is this acceptable or should you set a session as well? I am not sure what the common practice is.
LVL 1
Black SulfurAsked:
Who is Participating?
 
Ray PaseurCommented:
You should probably set a session as well.  This article shows the time-honored traditional solutions.  You can copy the code samples and use them, or just follow the logic and general guidance.
https://www.experts-exchange.com/articles/2391/PHP-Client-Registration-Login-Logout-and-Easy-Access-Control.html
1
 
Dave BaldwinFixer of ProblemsCommented:
Sessions normally set a cookie of their own.  I just use sessions for login.  "remember me" is usually for an 'automatic' login at a later date.  That would require a cookie because sessions don't last that long.
0
 
Black SulfurAuthor Commented:
Thanks, Dave. So what I am doing is fine then? If they check the "remember me" checkbox  I then just set a cookie with an expiry date and don't set a session using $_SESSION['session_name'] like I would if they don't check "remember me".
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.