I asked something similar a little while ago, but didn't do a good job

What I'm looking to do is when a user logs in, I start up the session.. I
then have the registered session var to verify they are authenticated as
they move throughout the site.

Now, when they close the browser and come back, I want them to still be
authenticated.  Obviously, I have to set a cookie.  But what do I set?  Do I
set just their user ID?  The MD5 of their password?  What's the most secure
way, that's not easily spoofed?  I don't know that much about cookies, but
if I just use a user ID, couldn't someone just change that ID value and
'become' another user?

Thanks for any advice,

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to