Is it necessary to set a session and cookie for user login?
Posted on 2016-10-04
Currently, I have my code in such a way that if a user logs in without choosing "remember me", a session is set when they login. If they choose "remember me", I set only a cookie and no session. Is this acceptable or should you set a session as well? I am not sure what the common practice is.