At 09:03 PM 1/31/2002 -0400, Miles Thompson wrote: >If you want persistence then use a cookie to >- store the information >- to provide a key for fetching data from a database >or accept that if preservation of inter-invocation data is impt enough to >require registration of users and a login if the client has cookies turned off. > >Sessions are supposed to be evanescent! > >(If someone else has responed, forgive me.)
hmmm, i think i stated this badly. when a user logs in to my site, i load a bunch of stuff about them from a database and put it in session variables. right now i have the session expiration time set to a pretty large value. they can come back later in the day and still have all their information remembered, or they can hit the logout button to have their session destroyed. i see what you're saying about using a cookie, but the session IS a cookie! it just seems like it would be better to have just the one cookie. especially as the contents of a session cookie are hard to guess at. i'm not sure what sort of cookie i could give someone for persistent login that isn't easily forged. -jsd- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]