0

So I am using this approach to keep users logged in, and I am wondering about a few things before I build my data tables.

If a user is able to log in even when they are already logged in (this shouldn't happen but it might), and thus two or more cookies are generated and stored on the users computer, how does my PHP script know which is the correct cookie to validate? Do cookies overwrite each other?

Of course, if I keep a key for every key they generate, it wouldn't matter much which cookie they provided, however this leads me to my next question:

What database design should I use to get rid of old cookies? I can't imagine storing a key for every instance of them logging in. In my short time as a web developer I have not made a database that keeps only the newest instance of an event, and deletes the old one.

Sincere thanks for any help, it is greatly appreciated.

Community
  • 1
  • 1
ambe5960
  • 1,870
  • 2
  • 19
  • 47
  • 1
    cookies have names. if you set a cookie with a name `X` and that name already exists in the cookie jar, then the existing cookie will be overwritten. – Marc B Jan 14 '15 at 20:12
  • got it. thanks. so for the second part of the question, how would I go about getting rid of old cookie keys in the database? – ambe5960 Jan 14 '15 at 20:15
  • `delete from cookies where lastused <= $timelimit`? – Marc B Jan 14 '15 at 20:17

0 Answers0