Managing Users

**SharifTK** · Feb 12, 2004, 12:29

What is the best method for keeping managing my users? I don't think storing username and password in cookies is secure so I am trying to avoid that. My idea is storing the session ID in a cookie, and in a table along with the username. I just dont understand how I should go on about doing this. So my question really is what is the best way of keeping users logged in without storing username and pass in cookies.

**Mandibal** · Feb 12, 2004, 13:07

Hi Sharif,

Have you read Harry's article on access control? You should take a look at it.
http://www.sitepoint.com/article/1279
This may help.

**SharifTK** · Feb 12, 2004, 17:01

Thanks for that link Mandibal. Maybe I should try the method that forums like vBulletin uses. So I ask, what is that method? I hope it's not storing the users account info in a cookie

**Mandibal** · Feb 12, 2004, 17:10

I havent disected the vBulletin method, but I'd assume that they dont store sensitive information like a password in a cookie. I think the big thing I took from Harrys article and I assume that this might some what standard is that even after a user initially logs in you act paranoid later. By this I mean if the user logs in then goes and wants to change a password or something you make them supply the original password again so you can check it against the db. Also dont store a password in clear text if you dont have to. Encode it at least with md5.

**Schwalbach** · Feb 12, 2004, 17:10

Hey,

Whenever I delete all cookies from sitepoint, I am logged out.

When I viewed my cookies, it does look like they have it encrypted..Here is how I do it using cookies..

First, whenever a user registers, I set a md5($username)
and insert it into my db.

Whenever I set the cookie, I use the value of the md5 and set it in the cookie.

Now when checking for the user logged in, read the cookie, then SELECT * FROM table WHERE encrypt="$cookieval"

Just replace the encrypt with your row name, table with tablename, and cookieval with the actual cookies information.

I don't know if it is safe or not, but works for me

**Knightime** · Feb 12, 2004, 18:36

It seems there are questions about security here and there. I can sympathize with the confusion. There is a great article called "The Truth About Sessions" that can be found in this free d/l digital version of the mag:

https://www.entwickler.com/ssl/phppdf/

The SitePoint Forums have moved.

User Tag List

Thread: Managing Users

Thread Tools

Display

Managing Users

Bookmarks

Bookmarks

Posting Permissions