|
|
I was just doin some thinking, what do you think is more secure, sessions or cookies, when it comes to logins. I thought of some pros and cons: + = Pro - = Con Sessions:-Last for browser up time. +Easy to modify the variables Cookies:+Can staff for longer than browser up time. -Harder to keep track of(for me  ) What do you think.
|
|
|
|
|
|
|
With sessions if a user forgets to logout but closes their browser on a public computer, another person can't (easily) access their controls on the website. That's one plus.
|
|
|
|
|
|
I use a combination of both. You use the database and cookies to double-check that they're logged in. You then set a session variable saying so. That makes it extremely easy to work functions that differ from guests and members. You then, of course, delete the cookies, modify the database, and modify the session var when the user manually logs out. 
|
|
wat
|
|
|
