https://www.webmaster-forums.net/crss/node/1023234 en https://www.webmaster-forums.net/serverside-scripting/i-need-cookie-clarification#comment-1143095 <p>Well, just to learn I decided to do it using both cookies and sessions and see which one I liked better. As for sessions, I've encountered a problem and If any of you could help that would be great. </p> <p>Sessions last on the server 1440 seconds (By default). On the client, the session cookie can last as long as you want it to last by using the<br /> session_set_cookie_params() function. The problem is, i'm trying to change how long the session lasts on the server. Is this possible on a shared server. I didn't think it would be since everyone on the server shares the same php.ini file. But then I came across on set_ini function and if it has any bearing for this particular script i'm trying to make. I noticed every time i set a certain value, it just goes back to the default after the script is terminated....so that doesn't help me at all. Does it normally stick but since i'm on a shared server it just goes back to defaults or what. What is the purpose of it.</p> Sat, 20 Dec 2003 23:18:04 +0000 section31 comment 1143095 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/i-need-cookie-clarification#comment-1142904 <p>sounds good.</p> Wed, 17 Dec 2003 09:04:44 +0000 section31 comment 1142904 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/i-need-cookie-clarification#comment-1142903 <p>what about encrypt the password twice ?<br /> $pw = 'your_special_password';</p> <p>$password = md5(md5($pw, $realpassword));</p> <p>or something like that, as md5 can't be unencrypted, but can be worked out with program, esp if the users use dictionary words or numbers, adding your own password in there as well just makes that much harder.<br /> then add it to a session inserted into a cookie</p> <p>[edit] might want to run it by Mark first, he's the PHP guru [/edit]</p> Wed, 17 Dec 2003 09:03:18 +0000 Busy comment 1142903 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/i-need-cookie-clarification#comment-1142897 <p>Yes.</p> <p>Is this for auto-login functionality? I would advice some kind of encryption. You don't want plain text username/passwords in a cookie. Or perhaps use something other than a password in cookies... some kind of cookie key.</p> Wed, 17 Dec 2003 07:35:52 +0000 Mark Hensler comment 1142897 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/i-need-cookie-clarification#comment-1142895 <p>I even have a few books that do that. Strange...</p> <p>So I should just make a function or something that checks the values of the cookies for each time they load the page?</p> Wed, 17 Dec 2003 07:27:08 +0000 section31 comment 1142895 at https://www.webmaster-forums.net https://www.webmaster-forums.net/serverside-scripting/i-need-cookie-clarification#comment-1142894 <p>Uh.. I would certainly stay away from any script that merely checks if a cookie var is set, and not the value of the cookie.</p> <p>Personally, the only value I set in cookies is the session id (as you mentioned). Everything else gets stored in a database in a session table (using the cookie-fied session id as a key).</p> <p>Can a cookie be faked. Sure. There are even ways to steal cookies, but I will not be getting into that for obvious reasons.</p> Wed, 17 Dec 2003 07:23:38 +0000 Mark Hensler comment 1142894 at https://www.webmaster-forums.net