At 09:03 PM 1/31/2002 -0400, Miles Thompson wrote:
>If you want persistence then use a cookie to
>- store the information
>- to provide a key for fetching data from a database
>or accept that if preservation of inter-invocation data is impt enough to 
>require registration of users and a login if the client has cookies turned off.
>Sessions are supposed to be evanescent!
>(If someone else has responed, forgive me.)

hmmm, i think i stated this badly.

when a user logs in to my site, i load a bunch of stuff about them from a 
database and put it in session variables.  right now i have the session 
expiration time set to a pretty large value.

they can come back later in the day and still have all their information 
remembered, or they can hit the logout button to have their session destroyed.

i see what you're saying about using a cookie, but the session IS a 
cookie!  it just seems like it would be better to have just the one 
cookie.  especially as the contents of a session cookie are hard to guess 
at.  i'm not sure what sort of cookie i could give someone for persistent 
login that isn't easily forged.


PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to