Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 64
  • Last Modified:

Is it necessary to set a session and cookie for user login?

Currently, I have my code in such a way that if a user logs in without choosing "remember me", a session is set when they login. If they choose "remember me", I set only a cookie and no session. Is this acceptable or should you set a session as well? I am not sure what the common practice is.
0
Black Sulfur
Asked:
Black Sulfur
1 Solution
 
Dave BaldwinFixer of ProblemsCommented:
Sessions normally set a cookie of their own.  I just use sessions for login.  "remember me" is usually for an 'automatic' login at a later date.  That would require a cookie because sessions don't last that long.
0
 
Black SulfurAuthor Commented:
Thanks, Dave. So what I am doing is fine then? If they check the "remember me" checkbox  I then just set a cookie with an expiry date and don't set a session using $_SESSION['session_name'] like I would if they don't check "remember me".
0
 
Ray PaseurCommented:
You should probably set a session as well.  This article shows the time-honored traditional solutions.  You can copy the code samples and use them, or just follow the logic and general guidance.
https://www.experts-exchange.com/articles/2391/PHP-Client-Registration-Login-Logout-and-Easy-Access-Control.html
1

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now