Re: Handling sessions through cookies, is it safe?
- From: s a n j a y <sanjay.debian@xxxxxxxxx>
- Date: Sun, 16 Jul 2006 19:55:01 -0500
romayankin@xxxxxxxxx wrote:
I need to limit the session time for a particular user who is working
on my site. I'd also like to extend the session time each time user
performs some action (moves from one page to another). I've written the
following code to accomplish this task
/* Extending session */
if(isset($_COOKIE['username'])) {
setcookie ("username", $_POST['username'], time()+3600);
}
Variable $_COOKIE['username'] right after the authorization is
completed.
The problem is that I don't think this is a safe way to handle
sessions. Perhaps I should use $_SESSION global array to store the
username of the logged user?
In my opinion, all you should store in a cookie is session-id. Everything else, you store on server in either global session veriable or in a database.
.
- Follow-Ups:
- Re: Handling sessions through cookies, is it safe?
- From: totalstranger
- Re: Handling sessions through cookies, is it safe?
- References:
- Handling sessions through cookies, is it safe?
- From: romayankin
- Handling sessions through cookies, is it safe?
- Prev by Date: Re: Forced download issue with IE6
- Next by Date: Re: Please help..
- Previous by thread: Re: Handling sessions through cookies, is it safe?
- Next by thread: Re: Handling sessions through cookies, is it safe?
- Index(es):
Relevant Pages
|
