First time with cookies

djdaz

Hi
I have been using sessions on most of my webpages and i have decided its time to have a look at cookies. I have looked at the examples at php.net but there too confusing for me, how would you use cookies for a simple login? If i can grasp that i should start understanding it all better.
Thanks

Shrike

It's practically the same as using sessions, in fact it's qiute likely that your sessions already use cookies to identify different users.

setcookie("loggedin", "yes", time()+3600, "/");
if(isset($_COOKIE['loggedin'])){
  echo "you are logged in";
}else{
  echo "no access";
}

djdaz

Originally posted by Shrike
It's practically the same as using sessions, in fact it's qiute likely that your sessions already use cookies to identify different users.
setcookie("loggedin", "yes", time()+3600, "/");
if(isset($_COOKIE['loggedin'])){
  echo "you are logged in";
}else{
  echo "no access";
}
[/B]

Cool. If i put in there the users username and password(md5), i can verify that they are correct on every page by checking with the cookie, or is that a bad idea?

Shrike

Generally speaking it's a bad idea to put passwords in a cookie, even if md5()'d. All you really need is something identifiable, you can put the sensitive data somewhere else, on the server.

djdaz

Originally posted by Shrike
Generally speaking it's a bad idea to put passwords in a cookie, even if md5()'d. All you really need is something identifiable, you can put the sensitive data somewhere else, on the server.

So just the username? Or wont people be able to change that and login as other people

laserlight

Actually, the point is that a secure system would not rely on easily accessed and altered data that is stored remotely, i.e. on the client.

Of course, if you were just making a personal homepage and dont need much security, having username and hashed password cookies isnt all that bad.