Elysian Shadows

Martyj wrote:I have a question about cookies and sessions, as given by the title.

I am currently working on a part of a website that allows people with the right access change information on the website. Currently the website uses sessions to pass information to other pages and to verify the user. My question is, if I change from a session to a cookie will it open a security risk. For example, would someone be able to re create the cookie on another page and gain access to the web page or is the cookie server specific.

Currently the Session only holds the username and not the password or any other information. So if it is a security risk would I need to pass the password encrypted with the cookie and check the information for each page, or will it be fine and pose no security risk.

The reason I want to switch to cookies is because they expire. I want to force the users who view the page to sign in. I'm too lazy to have it update the data base with the date each time they refresh so I have it for every time someone logs in, it updates the time in the data base. I'm a lazy web developer :P

So yea some information on this would be most appreciated.

Martyj wrote:Ok so how you would use this would be like

session_set_cookie_params (time() - 3600 ," /" ,"http://www.evilchicken.net", false , false )
session_start();

like that?

void session_set_cookie_params  ( int $lifetime  [, string $path  [, string $domain  [, bool $secure= false  [, bool $httponly= false  ]]]]

$expireTime = 20*60;
session_set_cookie_params($expireTime);
session_start();

I'm a lazy web developer :P