Eelco de Vries wrote:
> This will store a cookie with a userid and a unique number ($token) as
> session-id (??).
> If I'm not mistaken, this session-id is not checked here. Thus serves no
> purpose. Anybody who retrieves the cookie from the cookie file on the system
> can use it to resume the session (if done within the set 3600sec.). Even if
> the browser has been closed.
>>
>> // Set Cookie if not already set
>> if (!isset($user_id)) {
>>     $token = md5(uniqid(rand()));
>>     setcookie("user_id", $token, time()+3600,"/",".yourdomain.com");
>> }

The example here has nothing to do with sessions, you are correct. The
person who replied to you simply gave you a code snippet from one of my
books that assigns a unique id via a cookie. It does not map to a PHP
session.
As to your case:
> In case of login/password required sites, I use the login and password as
> cookie values and have _no_ expiredate set. Every time a request is made
> _both_ cookie values (login and password) are checked with that on the
> server.
I would hope that you are not storing and matching the user's plaintext
password...
+----------------------------------------+
| Julie Meloni ([EMAIL PROTECTED]) |
| |
| "PHP Essentials" and "PHP Fast & Easy" |
| http://www.thickbook.com |
+----------------------------------------+
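
The thread turns on a cookie value that the server never checks and on keeping the login and password in the cookie itself. The following is an added example, not code from this thread or from the book it mentions, showing a random token that is validated and expired on the server while the password is only ever compared against a stored hash. The function names, the `$store` array (a stand-in for a server-side table) and the cookie name `auth` are hypothetical.

```php
<?php
// Added example. $store stands in for a server-side table; all names are hypothetical.

function issue_token(array &$store, int $userId, int $ttl = 3600): string
{
    // Token from the CSPRNG rather than md5(uniqid(rand())).
    $token = bin2hex(random_bytes(32));
    // Store only a hash, so a copy of the table does not yield usable cookies.
    $store[hash('sha256', $token)] = ['user_id' => $userId, 'expires' => time() + $ttl];
    return $token;
}

function check_token(array &$store, string $token, ?int $now = null): ?int
{
    $now = $now ?? time();
    $key = hash('sha256', $token);
    if (!isset($store[$key])) {
        return null;                 // value the server never issued
    }
    if ($store[$key]['expires'] < $now) {
        unset($store[$key]);         // expiry is enforced here, not by the browser
        return null;
    }
    return $store[$key]['user_id'];
}

function revoke_token(array &$store, string $token): void
{
    // Logout invalidates any copy of the cookie left in a cookie file.
    unset($store[hash('sha256', $token)]);
}

// Constructed demo data: one user, password stored only as a hash.
$store = [];
$passwordHash = password_hash('correct horse', PASSWORD_DEFAULT);

if (password_verify('correct horse', $passwordHash)) {
    $token = issue_token($store, 42);
    // In a web request the token, never the password, goes into the cookie:
    // setcookie('auth', $token, ['expires' => time() + 3600, 'path' => '/',
    //     'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
    var_dump(check_token($store, $token));                // issued token
    var_dump(check_token($store, str_repeat('0', 64)));   // forged value
    var_dump(check_token($store, issue_token($store, 42), time() + 7200)); // past expiry
    revoke_token($store, $token);
    var_dump(check_token($store, $token));                // after logout
}
```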