Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
08-10-2002, 09:34 AM #1
- Join Date
- Mar 2002
- Thanked 19 Times in 18 Posts
Creating a login system- use sessions or cookies?
I'm reading up on sessions and cookies in PHP, and am a little confused on the usage between the two.
For example, lets say I want to create a typical username/password login form to allow visitors to login and browse the rest of the site, with the option to "remember login info permanantly." For the later part, what is the most common way of implementing such a feature? Is it to
1) Store the name/password set on the user's computer using permanant cookies during their initial log-in, then upon their return, retrieve and set this info as session variables each time
2) Or is there a way for PHP sessions alone to handle the entire process without resorting to cookies? I read how one could session_encode() a session, then store the info on the server, though how would this info then be matched up with each member that returns to the site?
From a novice point of view, it would seem implementing a "remember user login permanantly" feature can only be acomplished using 1).
Thanks for any insight.
08-10-2002, 10:30 AM #2
- Join Date
- Jun 2002
- Thanked 0 Times in 0 Posts
You would obviously need some way of identifying the clients PC
when they returned in order for a log-back-in-automatically facility to work. I'm sure you are aware that any variable sniffing script is prone to glitch (eg sniff the IP would glitch on dynamic IP machines), thus pointing toward your having to set your very own variable upon their PC that you can read when they return.
Result === cookies.
Ökii - formerly pootergeist
teckis - take your time and it'll save you time.
08-10-2002, 11:13 AM #3
- Join Date
- May 2002
- Perth Australia
- Thanked 92 Times in 90 Posts
Hi, you can try using session_set_cookie_params() , which allws you to set the expiry of the cookie that sessions automatically set (assuming session.use_cookies is enabled in the php.ini)
note you have to use session_set_cookie_params() before you session_start()!
$expireTime = 3600*24*100; // 100 days
however I am unsure if the sesion garbage collection routine will cause problems with this (I assume it will ?) unless you set handle the garbage collection yourself - never tried , but will have a play.
MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)