
I know that sessions are preferred over cookies for security reasons, but I was wondering how to make a session that has an expiry date like a cookie. I know that a session only lasts until the browser closes, but what if I want to make a "Keep me logged in" feature in my system or website without using cookies, because hackers might play with them, in contrast with sessions, which have an ID that no one knows and which is stored on the server? Or do I just use cookies and find another way to secure my system, which is not easy?

I searched Stack Overflow for an answer but couldn't find an appropriate one.

I need an explanation. Thanks in advance.

  • I thought cookies were basically a ticket that let a server know which session (a server side construct) was yours. I don't think they are mutually exclusive. – zero298 Jun 17 '16 at 02:00
  • But I see some websites and systems rely on either sessions or cookies, so how are they related? The PHP site says a session sends a KEY ID to the browser that no one knows, and when the browser communicates with the server, it fetches the KEY ID and opens the appropriate session for this key on the server... If I am wrong, correct me please. – ahmed nader Jun 17 '16 at 02:04
  • OK, you are right. I found your answer, that the session sends the ID with a cookie; I found the answer in the first paragraph here: https://paragonie.com/blog/2015/04/fast-track-safe-and-secure-php-sessions ... But how could I secure myself like that? Cookies can be read by hackers? – ahmed nader Jun 17 '16 at 02:08
  • This article will help you: http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes – Dominic Harvey Jun 17 '16 at 02:34
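
An added illustration, not part of the original thread: since the comments establish that a PHP session ID travels in a cookie, a "Keep me logged in" session is a session whose cookie gets a lifetime and restrictive flags, with the expiry also enforced on the server. The constant, function names and `$_SESSION` keys are assumptions, the 30-day period is an assumed policy, and the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example: KEEP_LOGGED_IN_SECONDS, start_persistent_session(),
// login_user() and the $_SESSION keys are hypothetical names.
declare(strict_types=1);

const KEEP_LOGGED_IN_SECONDS = 60 * 60 * 24 * 30; // 30 days (assumed policy)

function start_persistent_session(): void
{
    // Keep server-side session data at least as long as the cookie lives.
    ini_set('session.gc_maxlifetime', (string) KEEP_LOGGED_IN_SECONDS);
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept the ID from the URL

    session_set_cookie_params([
        'lifetime' => KEEP_LOGGED_IN_SECONDS, // cookie survives a browser restart
        'path'     => '/',
        'secure'   => true,  // sent over HTTPS only
        'httponly' => true,  // not readable from page JavaScript
        'samesite' => 'Lax', // not attached to cross-site subrequests
    ]);
    session_start();

    // Enforce the expiry on the server; the cookie's own date is client-controlled.
    $expiresAt = $_SESSION['expires_at'] ?? null;
    if ($expiresAt !== null && time() > $expiresAt) {
        $_SESSION = [];
        session_destroy();
        session_start(); // strict mode issues a fresh, empty session
    }
}

function login_user(int $userId): void
{
    // New ID at login so an ID planted before authentication is useless.
    session_regenerate_id(true);
    $_SESSION['user_id']    = $userId;
    $_SESSION['expires_at'] = time() + KEEP_LOGGED_IN_SECONDS;
}
```

The cookie only carries the random session ID; the user ID and expiry stay in the server-side session store, so editing the cookie in the browser changes nothing the server trusts.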

0 Answers