Revils

Reputation: 1508

Cookies and sessions

I would like to know the proper way to create and destroy sessions / cookies.

I use the following:

To create a session / cookie value:

session_start();
$_SESSION['SMUsername'] = $Username;

setcookie("SMUsername", $Username, time() + 86400, "/", "www.Domain.com", false, true); // secure = false, httponly = true

To destroy a session / cookie value:

session_destroy();

if(isset($_COOKIE['SMUsername'])){
    setcookie("SMUsername","", -1, '/');    
}

Is this a good way, or is this 'not done'?

Furthermore, I have read in the following topic: Remove a cookie

It says to never store a cookie with username and/or password information. How else can you use a functionality like remember me, without a cookie?

I use the cookie to remember the user when a new browser is opened (encrypted though, with md5). When re-opening the website, with another tab, I use a session to remember the user. Is this okay?

Upvotes: 1

Views: 116

Answers (1)

Madara's Ghost

Reputation: 174957

Your session/cookie destroying code is fine.

As for how to do the remember me, it's beyond the scope of this answer. However, check out this description of how to do it.

In short, you save a hash of the username and some other random string, and save it in the database, then compare when the user presents it.

Upvotes: 2
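
The scheme summarised in the answer, as an added PHP example (not code from the question, the answer, or the description it links to). It assumes PDO with an in-memory SQLite database in place of the site's own; the table `remember_tokens`, the cookie name `remember` and both function names are hypothetical. It stores a SHA-256 hash of a random value tied to the username, so the cookie itself never carries the username or anything derived from the password.

```php
<?php
// Added example. Assumptions: SQLite via PDO stands in for the site's database;
// the table and function names are hypothetical.

function issueRememberToken(PDO $db, string $username, int $ttl = 86400): string {
    $selector  = bin2hex(random_bytes(9));   // public lookup key for the row
    $validator = bin2hex(random_bytes(32));  // secret; only its hash is stored
    $db->prepare('INSERT INTO remember_tokens VALUES (?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $validator), $username, time() + $ttl]);
    return $selector . ':' . $validator;     // the whole cookie value
}

function redeemRememberToken(PDO $db, string $cookie): ?string {
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;                         // malformed cookie
    }
    [$selector, $validator] = $parts;
    $q = $db->prepare('SELECT hash, username, expires FROM remember_tokens WHERE selector = ?');
    $q->execute([$selector]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                         // unknown selector
    }
    // Single use: the row is deleted whether or not the validator matches.
    $db->prepare('DELETE FROM remember_tokens WHERE selector = ?')->execute([$selector]);
    if ((int) $row['expires'] < time()) {
        return null;                         // expired token
    }
    // Constant-time comparison of the stored hash with the presented value.
    return hash_equals($row['hash'], hash('sha256', $validator)) ? $row['username'] : null;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE remember_tokens
           (selector TEXT PRIMARY KEY, hash TEXT, username TEXT, expires INTEGER)');

$cookie = issueRememberToken($db, 'alice');  // constructed sample user
// On a real page the value would be sent with:
// setcookie('remember', $cookie, ['expires' => time() + 86400, 'path' => '/',
//           'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);

var_dump(redeemRememberToken($db, $cookie));        // first presentation of the cookie
var_dump(redeemRememberToken($db, $cookie));        // same cookie presented a second time
var_dump(redeemRememberToken($db, 'bogus:value'));  // selector that was never issued
```

After a successful redeem, the page would start the session, set `$_SESSION['SMUsername']`, and issue a fresh token so the cookie value changes on every automatic login.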
