SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Member
    Join Date
    Feb 2011
    Posts
    18
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Permanent Cookies and sessions

    Using PHP sessions is very easy, but the best way to make permanent cookies is built you own ones?

    I'm building a site and in my local server I can change session.cookie_lifetime, but perhaps you can't do that in a shared hosting, and using this method all users will have a permanent cookie, even when they don't want it.

    So, to make a well builded site is better not to use the PHPSESSION, and make you own cookies and store them in MySQL?
    Like in the "Creating a Custom Session Save Handler" part of this article: http://phpmaster.com/writing-custom-session-handlers/

  2. #2
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    Why do you want a permanent cookie exactly?

    Explain that and perhaps we can best advise you.

  3. #3
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    llnitoll

    I'm with Cups, it would best if you explained the reasoning.

    One thing that I do with my sites is to instead of exclusively storing sessions in the database (which I do), I serialize a users session data so it can remain persistent. Next time they log in then they their current session is updated with the un-serialized values. Obviously in this approach users have to log in.

    Steve
    ictus==""

  4. #4
    SitePoint Member
    Join Date
    Feb 2011
    Posts
    18
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    To log in automatically the users, even if they closed the browser. I have a the opcion "Remember me" in the login, like Twitter.

  5. #5
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    read up on php's setcookie()

  6. #6
    SitePoint Member
    Join Date
    Feb 2011
    Posts
    18
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I know how to set cookies, thanks. Until now I was using a cookie stored in the MySQL to log in the users that required to remember their login, and then the php session cookie to store all information.

    But I read that PHPSESSIONS are slow if there are lots of users, and there's the problem I was saying. And there's no reason to do that with 2 cookies, I should be able to do that with one, no?

    So basically I just want to confirm that in my case I should forget the PHPSESSIONS, and store all that in the MySQL, and make a query every time the user makes an action.

  7. #7
    SitePoint Member
    Join Date
    Feb 2011
    Posts
    18
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, now I only use my cookies, and I don't use the PHP sessions. I hope it's the correct way.

  8. #8
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Hi llnitoll,

    You may want to look at these resources that talk about the security of cookies/sessions and what can be done for better security.
    To have a 'remember me' you need to use cookies as
    I hope it's the correct way.
    It is up to you to know how to best secure sensitive data, so understanding how cookies and sessions as well as apache and the Database are configured all play into 'The correct way'.

    Sessions are not slow if used for the right thing. It is a very convenient mechanism to keep persistent data while the user travels through stateless html/php pages. Just don't try to use a session like you would a database, then you will say that it is slow.

    Regards,
    Steve
    ictus==""

  9. #9
    Non-Member bronze trophy
    Join Date
    Nov 2009
    Location
    Keene, NH
    Posts
    3,760
    Mentioned
    23 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by llnitoll View Post
    Well, now I only use my cookies, and I don't use the PHP sessions. I hope it's the correct way.
    Since php sessions rely on a unique cookie -- net difference zero. Usually sessions don't give me the level of control I want over the data anyways, which is why I use my own custom cookie/hash tied to a db table and say to heck with $_SESSION.

    Especially since you have no guarantee across servers what the max time session data is stored/purged.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •