it is possible to set cookie and session only with username or something like that?
$_SESSION['username'] = $row['username'];
setcookie('username', $row['username'], time() + (60 * 60 * 24 * 30));
Asked
Active
Viewed 58 times
1 Answers
0
Yes it's possible, however;
- I would not store a username in a cookie as it can be modified very easily by the user.
- For example, if you use
$_COOKIE['username']in auditing, or within your logic raw, people can "become other people"
- For example, if you use
- Store the value in your session cookie as the values are stored on your server and only reference by the client with a "random" string.
- It's harder to pretend to be someone else this way - but not impossible. Ie: Session hijacking (but that's another topic)
Generally, setcookie is used to store data on the clients machine that you want to use for when they return at a later date - or example, checking to see if they agreed to your cookie policy.
A session cookie is used for the session of the visit and then destroyed once they leave (ie: logout) the web app.
Notes
- A client can edit the expiration date of a cookie
- Sessions should really have the secure flag
- Sessions should really have the HttpOnly flag
- There is a maximum size on cookies
