Cookies or Sessions for Authentification?

bladx

Hi,

I have been working on a small content-management PHP project lately, and I have decided that I should probably start using cookies for the login/authentication scheme of the project.

However, I am not sure which is the BEST way to organize the code. Should I: 1) Use cookies JUST to authenticate a logged user and then use sessions to track individual preferences 2) Use cookies for EVERYTHING (which I am skeptical about, since not everyone will have cookies enabled) or 3) Use sessions for EVERYTHING ... which is what I have been doing so far. Unfortunately when I run this project on the projects' Sourceforge webspace, the sessions don't seem to always work correctly, and I would like to figure out how to make a logged user's experience a good and reliable log in... right now it is flaky, and randomly allows a logged in user to access the admin things, etc.

Anyways, can I get any advice about which is the best way to go at this thing? Thanks!

mmilano

i would use both.

use a cookie with the login information on it.. such as user/pass. ( you might want to encrypt the pass )

then use sessions for everything else. this will make it so users with cookies enabled can come back to the site without logging in... and non-cookie-using-users can just login once per session.