$_COOKIE and $_SESSION

mitchell_1078

Dear all,

I would like to seek your opinion. I have a little knowledge about cookie and I really dont know whether cookie and session are related or not. In my php page,

I store username and pwd in session variables. I use them among php pages. If user logs out or times out, session variables will be unset. In this case should I use cookie ? Because in cookie, expire time can be set. When cooike expires, session variables will implicitly be unset ?? And using cookie can cause security hole ?? If my idea is going wrong, just give me a piece of advice.

Thanks in advance,
Mitchell

jayant

if a user logs out, normally u will destroy the cookie as well.

it is just that when one kills the browser window, the browser will kill the session but not the cookie.

storing sensitive data in a cookie is dangerous. if u store username in a cookie and assume that user is logged in, if it is set, then anyone can spoof the cookie and gain access to some1 else's account 🙂

whether u use sessions or cookies, nothing is secure enough. just that u should try to be one step ahead of people trying to bypass security 😉

mitchell_1078

Now I am using HTTPS and LDAPS protocols over SSL connection. Is it safe enough ?? 😃 Is there anyway to protect cookie and session variables ??

jayant

should be safer, unless you are storing the username/ password in the cookie.

"The only secure computer is one that's unplugged, locked in a safe, and buried 20 feet under the ground in a secret location... and I'm not even too sure about that one" - Dennis Hughes, FBI

mitchell_1078

It is a good idea. I will present it to my supervisor. New Generation Wireless Underground Network System come into light. 😃