> On Mon, Jul 6, 2009 at 02:19, Jason Carson<jason@xxxxxxxxxxxxxx> wrote:
>>
>> ok, I have two sets of scripts here. One uses setcookie() for logging into
>> the admin panel and the other uses session_start(). Both are working fine,
>> is one more secure than the other?
>
> $_COOKIE data is written to a file that is readable/writeable and
> stored on the user's side of things. $_SESSION data is written to the
> server, with a cookie stored on the user's side containing just the
> PHPSESSID (session ID) string to identify the session file on the
> server.
>
> So determining which is better and/or more secure is really a
> matter of the data held there and how it's handled. If storing things
> like usernames or you absolutely want to store personal data in an
> active session, do so in $_SESSION. If you're storing a password or
> credit card number in the active session, you may as well do it in
> $_COOKIE, because you're already using an insecure model. ;-P
>
> --
> </Daniel P. Brown>
> daniel.brown@xxxxxxxxxxxx || danbrown@xxxxxxx
> http://www.parasane.net/ || http://www.pilotpig.net/
> Check out our great hosting and dedicated server deals at
> http://twitter.com/pilotpig
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

Well I'm a newbie when it comes to PHP and programming. I guess I need to
read up on login security. Do you know of, or recommend, any websites that
will show me how to secure my login model (using cookies or sessions)?
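An added example, not code posted by anyone in this thread: a minimal session-based admin login in PHP where the browser holds only the session ID and nothing sensitive is placed in `$_COOKIE`. The user store, passphrase and function names are constructed for illustration, and PHP 7.4 or later is assumed.

```php
<?php
declare(strict_types=1);

// Constructed user store for the demo; a real application reads this from a database.
$users = [
    'admin' => ['id' => 1, 'hash' => password_hash('example-passphrase', PASSWORD_DEFAULT)],
];

function start_admin_session(): void
{
    ini_set('session.use_strict_mode', '1');   // refuse session IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,          // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,       // HTTPS only
        'httponly' => true,       // hidden from JavaScript
        'samesite' => 'Strict',
    ]);
    session_start();              // the browser receives only the PHPSESSID value
}

function login(array $users, string $username, string $password): bool
{
    // Verify against a throwaway hash when the user is unknown so both paths cost the same.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $user = $users[$username] ?? null;
    $ok = password_verify($password, $user['hash'] ?? $dummy);
    if ($user === null || !$ok) {
        return false;
    }
    session_regenerate_id(true);          // new ID after login prevents session fixation
    $_SESSION['user_id'] = $user['id'];   // kept server-side; never the password itself
    return true;
}

function is_logged_in(): bool
{
    return isset($_SESSION['user_id']);
}

// Run all session work before any output, then print the outcome.
start_admin_session();
$results = [
    'wrong password' => login($users, 'admin', 'wrong'),
    'right password' => login($users, 'admin', 'example-passphrase'),
    'logged in'      => is_logged_in(),
];
var_dump($results);
```

By contrast, a login flag or username written with setcookie() lives in the browser, where the user can read and edit it, so the server cannot trust it on the next request.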