Crazy Horse
asked on
Is it necessary to set a session and cookie for user login?
Currently, I have my code in such a way that if a user logs in without choosing "remember me", a session is set when they login. If they choose "remember me", I set only a cookie and no session. Is this acceptable or should you set a session as well? I am not sure what the common practice is.
Sessions normally set a cookie of their own. I just use sessions for login. "remember me" is usually for an 'automatic' login at a later date. That would require a cookie because sessions don't last that long.
ASKER
Thanks, Dave. So what I am doing is fine then? If they check the "remember me" checkbox I then just set a cookie with an expiry date and don't set a session using $_SESSION['session_name'] like I would if they don't check "remember me".
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.