Re: Simple login form with cookies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Jason Carson wrote:
>>> On Mon, Jul 6, 2009 at 02:19, Jason Carson<jason@xxxxxxxxxxxxxx> wrote:
>>>
>>>> ok, I have two sets of scripts here. One uses setcookie() for logging
>>>> into
>>>> the admin panel and the other uses session_start(). Both are working
>>>> fine,
>>>> is one more secure than the other?
>>>>
>>>     $_COOKIE data is written to a file that is readable/writeable and
>>> stored on the user's side of things.  $_SESSION data is written to the
>>> server, with a cookie stored on the user's side containing just the
>>> PHPSESSID (session ID) string to identify the session file on the
>>> server.
>>>
>>>     So determining which is better and/or more secure is really a
>>> matter of the data held there and how it's handled.  If storing things
>>> like usernames or you absolutely want to store personal data in an
>>> active session, do so in $_SESSION.  If you're storing a password or
>>> credit card number in the active session, you may as well do it in
>>> $_COOKIE, because you're already using an insecure model.  ;-P
>>>
>>> --
>>> </Daniel P. Brown>
>>> daniel.brown@xxxxxxxxxxxx || danbrown@xxxxxxx
>>> http://www.parasane.net/ || http://www.pilotpig.net/
>>> Check out our great hosting and dedicated server deals at
>>> http://twitter.com/pilotpig
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>>
>>>
>> Well I'm a newbie when it comes to PHP and programming. I guess I need
>> to
>> read up on login security. Do you know of, or recommend, any websites
>> that
>> will show me how to secure my login model (Using cookies or sessions).
>>
>>
> Hi Jason,
> I'm probably not any wiser than you, but I have just (today) discovered
> an interesting site that seems to have some really clear explanations
> and tutorials re php, MySsql et al.
> It's worth looking at (I'm trying to implement something like what you
> are, as well):
> http://www.brainbell.com/tutors/php/php_mysql/Authorizing_User_Access.html
> HTH,
> PJ
>
> --
> Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
> -------------------------------------------------------------
> Phil Jourdan --- pj@xxxxxxxxxxxxx
>    http://www.ptahhotep.com
>    http://www.chiccantine.com/andypantry.php
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
I'll check it out this evening when I have some time. Thanks for the link.


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux