Hello and welcome to our community! Is this your first visit?
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    WA is offline
    Join Date
    Mar 2002
    Thanked 19 Times in 18 Posts

    Creating a login system- use sessions or cookies?

    I'm reading up on sessions and cookies in PHP, and am a little confused on the usage between the two.

    For example, lets say I want to create a typical username/password login form to allow visitors to login and browse the rest of the site, with the option to "remember login info permanantly." For the later part, what is the most common way of implementing such a feature? Is it to

    1) Store the name/password set on the user's computer using permanant cookies during their initial log-in, then upon their return, retrieve and set this info as session variables each time

    2) Or is there a way for PHP sessions alone to handle the entire process without resorting to cookies? I read how one could session_encode() a session, then store the info on the server, though how would this info then be matched up with each member that returns to the site?

    From a novice point of view, it would seem implementing a "remember user login permanantly" feature can only be acomplished using 1).

    Thanks for any insight.
    - George
    - JavaScript Kit- JavaScript tutorials and 400+ scripts!
    - JavaScript Reference- JavaScript reference you can relate to.

  • #2
    Regular Coder
    Join Date
    Jun 2002
    Thanked 0 Times in 0 Posts
    You would obviously need some way of identifying the clients PC
    when they returned in order for a log-back-in-automatically facility to work. I'm sure you are aware that any variable sniffing script is prone to glitch (eg sniff the IP would glitch on dynamic IP machines), thus pointing toward your having to set your very own variable upon their PC that you can read when they return.

    Result === cookies.
    Ökii - formerly pootergeist
    teckis - take your time and it'll save you time.

  • #3
    Super Moderator
    Join Date
    May 2002
    Perth Australia
    Thanked 92 Times in 90 Posts
    Hi, you can try using session_set_cookie_params() , which allws you to set the expiry of the cookie that sessions automatically set (assuming session.use_cookies is enabled in the php.ini)

    note you have to use session_set_cookie_params() before you session_start()!


    $expireTime = 3600*24*100; // 100 days

    however I am unsure if the sesion garbage collection routine will cause problems with this (I assume it will ?) unless you set handle the garbage collection yourself - never tried , but will have a play.
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)


    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts