  1. #1
    Regular Coder
    Join Date
    Jul 2007
    Location
    Scotland
    Posts
    134
    Thanks
    12
    Thanked 0 Times in 0 Posts

    Sessions and cookies in login

    Hi Guys,

    My login system uses sessions to store the user's id and username (just use id for getting info from MySQL etc). I'm trying to figure out, if they tick the remember me button on the login form, how I remember them lol. I set the cookie fine but when testing the page is never remembered:

    code:

    PHP Code:
    <?php
    ob_start();
    session_start();
    if ($_SESSION['logged_in'] != 'yes') {
        header("Location: login.php");
        exit; // stop here so the protected page is not rendered after the redirect
    }

    // CHECK TO SEE IF THE REMEMBER ME WAS TICKED
    // (only reached when the session check above has already passed)
    if (isset($_COOKIE['customers_cookie_id']))
    {
        // VARS
        $varCookie = $_COOKIE['customers_cookie_id'];
    }

    // VARS
    $var_loggedinuserid = $_SESSION['id'];
    $var_loggedinuserfirstname = $_SESSION['first_name'];
    ?>
    That's the code that's at the top of my protected pages! If I echo out $varCookie I get 6, which is my ID!

    so i...

    1) tick the remember me button
    2) set a cookie if it's ticked (with the user's id)

    then I'm stumped lol, if I'm using sessions how could I use cookies kinda thing

    any advice would be great

    cheers

    Graham

  • #2
    Super Moderator JohnDubya's Avatar
    Join Date
    Nov 2006
    Location
    Missouri
    Posts
    634
    Thanks
    12
    Thanked 18 Times in 18 Posts
    When you check to see if the cookie is set, you can set the id session variable with it:

    PHP Code:
    if (isset($_COOKIE['customers_cookie_id'])) {
        $_SESSION['id'] = $_COOKIE['customers_cookie_id'];
    }

    Does that answer your question?

  • #3
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Just don't think of cookies and sessions being the same. Sessions will always try to set a cookie on the client to remember the sid. It likes cookies more than it likes GET.

    Anyway, I assume this is for if they close their browser, correct? In order to do this, you'll need to set a cookie for both the username and the password of the user (you are encrypting your passwords, right?). This is because you'll need to use cookies to authenticate your users, so you'd try something like this:
    PHP Code:
    <?php
    session_start();
    $bIsLogged = false;
    if (!isset($_SESSION['loggedin']))
    {
        // Not yet logged in, first see if we have some cookies:
        if (isset($_COOKIE['username']) && isset($_COOKIE['password']))
        {
            // We have something, lets validate them:
            // This is where you'd check your storage and compare them with
            // the cookie values.  If they match, we have the same user
            // ($validUser and $validPass stand for the values read from that storage.)
            // Strict comparison avoids PHP's loose "0e..." string equality.
            if ($_COOKIE['username'] === $validUser && $_COOKIE['password'] === $validPass)
            {
                $_SESSION['loggedin'] = true;
                $bIsLogged = true;
            }
        }
    }
    else
    {
        // Session already marked as logged in
        $bIsLogged = true;
    }
    if (!$bIsLogged)
    {
        // Didn't validate
        header('Location: login.php');
        exit; // stop so the rest of the protected page does not run
    }
    Do you understand what I'm getting at?
    It's straightforward, just follow this logic:
    If no session
    - If cookies
    - Validate cookies
    - Set logged in
    else
    - Request login


    The big one is that all your cookies should care about is the username and password. You do require both in order to confirm a validation (assuming you have usernames and passwords). Make sure passwords are encrypted. If they are not encrypted in your database (they should be but...), make sure you're encrypting it before setting the cookie (md5 or sha1 or whatever), and when you do the validation encrypt the valid password for comparison.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)
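
Added example, not part of the thread or any poster's code: a cookie's value is chosen by the client, so a cookie holding the user id or a reusable password hash can be edited or replayed, and a common alternative is a random single-use token whose hash is kept server-side. The `$store` array stands in for a database table, and the function names and the `remember` cookie name are hypothetical.

```php
<?php
// Added example: remember-me with a random selector:validator token.
// $store stands in for a database table (assumption); all names are hypothetical.

function remember_issue(array &$store, int $userId, int $ttl = 1209600): string
{
    $selector  = bin2hex(random_bytes(9));    // lookup key, not secret
    $validator = bin2hex(random_bytes(32));   // secret half, only its hash is stored
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => time() + $ttl,
    ];
    return $selector . ':' . $validator;      // value to place in the cookie
}

function remember_check(array &$store, $cookie): ?int
{
    // Cookie input is untrusted: it may be missing, an array, or malformed.
    if (!is_string($cookie) || substr_count($cookie, ':') !== 1) {
        return null;
    }
    [$selector, $validator] = explode(':', $cookie);
    $row = $store[$selector] ?? null;
    if ($row === null) {
        return null;
    }
    unset($store[$selector]);                 // single use: caller issues a fresh token
    if ($row['expires'] < time()
        || !hash_equals($row['hash'], hash('sha256', $validator))) {
        return null;
    }
    return $row['user_id'];
}

// Constructed demo using an in-memory store and the thread's user id 6.
$store  = [];
$cookie = remember_issue($store, 6);
var_dump(remember_check($store, $cookie));    // first presentation of a valid token
var_dump(remember_check($store, $cookie));    // same token replayed after use
var_dump(remember_check($store, '6'));        // a bare user id, as in the original cookie

// On a protected page, when the session is not logged in and the check succeeds:
//   session_regenerate_id(true);
//   $_SESSION['id'] = $uid; $_SESSION['logged_in'] = 'yes';
//   then issue a new token and send it with setcookie('remember', $new,
//   ['expires' => time() + 1209600, 'httponly' => true, 'secure' => true]);
```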

