Posted by s a n j a y on 07/17/06 00:55

romayankin@gmail.com wrote:
> I need to limit the session time for a particular user who is working
> on my site. I'd also like to extend the session time each time user
> performs some action (moves from one page to another). I've written the
> following code to accomplish this task
>
> /* Extending session */
> if(isset($_COOKIE['username'])) {
> setcookie ("username", $_POST['username'], time()+3600);
> }
>
> Variable $_COOKIE['username'] right after the authorization is
> completed.
> The problem is that I don't think this is a safe way to handle
> sessions. Perhaps I should use $_SESSION global array to store the
> username of the logged user?
>

In my opinion, all you should store in a cookie is session-id.
Everything else, you store on server in either global session veriable
or in a database.

[Back to original message]