PHP Sessions & Cookies

Python

Got a few questions about sessions and cookies in PHP...

Firstly sessions
Anyone know of any good, fairly detailed tutorials explaining sessions and how they are used in membership scripts...

And cookies...
How can you create a secure login script which cannot be 'hacked' through modifying the cookie info... or so that it is very hard?

Setting a cookie upon succesful login is easy and so is checking it but someone could change for example the userid in the cookie so they access another users account...

Thanks

danielneri

Try this site:

http://www.zend.com/php/beginners/php101-10.php

it worked for me...now i realized what i was doing wrong in my membership script

Chroder

To create a 'remember me' cookie, just make sure to include both the username/id and a password, and authenticate both on every page load.

Though you obviously don't want the password to be in plain text, you'd want to hash it in the very least (with a salt, preferably).