> On Mon, Jul 6, 2009 at 02:19, Jason Carson<
jason@...> wrote:
>>>
>> ok, I have two sets of scripts here. One uses setcookie() for logging
>> into
>> the admin panel and the other uses session_start(). Both are working
>> fine,
>> is one more secure than the other?
>
> $_COOKIE data is written to a file that is readable/writeable and
> stored on the user's side of things. $_SESSION data is written to the
> server, with a cookie stored on the user's side containing just the
> PHPSESSID (session ID) string to identify the session file on the
> server.
>
> So determining which is better and/or more secure is really a
> matter of the data held there and how it's handled. If storing things
> like usernames or you absolutely want to store personal data in an
> active session, do so in $_SESSION. If you're storing a password or
> credit card number in the active session, you may as well do it in
> $_COOKIE, because you're already using an insecure model. ;-P
>
> --
> </Daniel P. Brown>
>
daniel.brown@... ||
danbrown@...
>
http://www.parasane.net/ ||
http://www.pilotpig.net/> Check out our great hosting and dedicated server deals at
>
http://twitter.com/pilotpig>
> --
> PHP General Mailing List (
http://www.php.net/)
> To unsubscribe, visit:
http://www.php.net/unsub.php>
>
Well I'm a newbie when it comes to PHP and programming. I guess I need to
read up on login security. Do you know of, or recommend, any websites that
will show me how to secure my login model (Using cookies or sessions).
--
PHP General Mailing List (
http://www.php.net/)
To unsubscribe, visit:
http://www.php.net/unsub.php
