Hello, I currently creating a php script for login, but i have a problem with sessions and cookies. What is better for securty (cookie, session)? What is the best to save in cookie or session (ip, username, browser info)? Thanks for help Best regards, GSP
In order to create a persistent browser session you must use http cookies or store persistent data in the query string. I recommend cookies because it's cleaner and easier. The only thing you need to store in a cookie is an id. The id should be a key in a server side database table. - Create a DB table named Sessons. Required columns: sid (char 32), created (datetime), lastaction (datetime), username. - Upon successfully logging in. Generate a 32 character SessionID using md5. Use the username+time()+random number as the plaintext (salt). Add an entry in the database table Sessions. Create an HTTP cookie named "sid" holding the same 32 character key. - With every page turn fetch the sid from the http cookies. Look for the session in the Sessions table. If exists update the lastaction and fetch the username. You can now use the username to pull the members info from other tables (assuming the username is in fact the key in those tables). Ofcourse you need to add support to expire sessions and clean up the sessions table. But this should give you an idea.