I asked something similar a little while ago, but didn't do a good job
What I'm looking to do is when a user logs in, I start up the session.. I
then have the registered session var to verify they are authenticated as
they move throughout the site.
Now, when they close the browser and come back, I want them to still be
authenticated. Obviously, I have to set a cookie. But what do I set? Do I
set just their user ID? The MD5 of their password? What's the most secure
way, that's not easily spoofed? I don't know that much about cookies, but
if I just use a user ID, couldn't someone just change that ID value and
'become' another user?
Thanks for any advice,
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php