|
Posted by Rik Wasmus on 10/30/07 19:57
On Tue, 30 Oct 2007 20:41:35 +0100, macca <ptmcnally@googlemail.com> wrote:
> dont use cookies. They are not secure and some people have cookies
> turned off in their browsers. Use sessions instead.
Which is no use for a 'remember me' feature as the sessionid will have to
get to the script some way: either by GET query-string, POST value (both
of which aren't available on the next visit) or COOKIE value (which BTW is
the default for sessions). A cookie is the only way to implement this, and
for security reasons I always advise clients to forget about that feature.
--
Rik Wasmus
[Back to original message]
|