php optimising members after login
While creating my website I got stuck on one thing: whether I should use $_COOKIE or the session. I thought using $_COOKIE would be better.
But what should I store in the cookie: the user's username or the user's unique id?
And how far forward should I set the expiry time of the cookie?
And should I move the time forward by the same amount on each page, or by a different amount? If different, then by how much?
It ultimately comes down to whether your website/application needs to be stateless or not. (See Webservices are stateless?). It's mostly a design decision, but I prefer stateless applications where possible.
If you do use cookies here are some tips:
- You want to store data in the cookie that will uniquely identify the user, but something that is not able to be guessed.
- It is common to put a user_id or a username (provided the user is unable to change it) and a random hash stored alongside the row in the database. When it comes to logging a user in, load the user by their user_id and check that the hash in the cookie matches the one in the database.
- As far as how long to store it for, that depends on the nature of your application. If it contains sensitive information then it's probably not a good idea to make it last for a long time. You should update the time each time the user requests a page, so if a user is using the site they will remain logged in for the duration of their visit.
It is really important not to put sensitive information in cookies, because they are stored in plain text on the user's computer.
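The scheme described in the answer above, written out as an added example that is not part of the original post: the cookie carries the user id plus a random token, the server checks the token against the user's row, and each valid request slides the expiry forward. It goes one step beyond the answer by storing only a SHA-256 hash of the token in the database. The table, column and cookie names and the 30-minute lifetime are assumptions, and the code assumes PHP 7.3+ with pdo_sqlite and a site served over HTTPS.

```php
<?php
// Added example; table, column and cookie names are assumptions.
const COOKIE_NAME = 'login';   // hypothetical cookie name
const LIFETIME = 1800;         // assumed 30-minute sliding window (seconds)

function send_cookie(string $value, int $expires): void {
    setcookie(COOKIE_NAME, $value, ['expires' => $expires, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}

// Call once the password check has succeeded.
function issue_login_cookie(PDO $db, int $userId): string {
    $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG
    $expires = time() + LIFETIME;
    $db->prepare('UPDATE users SET token_hash = ?, token_expires = ? WHERE user_id = ?')
       ->execute([hash('sha256', $token), $expires, $userId]);
    $value = $userId . ':' . $token;
    send_cookie($value, $expires);
    return $value;
}

// Call on every request; returns the user id, or null if the cookie is rejected.
function user_from_cookie(PDO $db, ?string $cookie): ?int {
    if ($cookie === null || !preg_match('/^(\d{1,18}):([0-9a-f]{64})\z/', $cookie, $m)) {
        return null;
    }
    $id = (int) $m[1];
    $stmt = $db->prepare('SELECT token_hash, token_expires FROM users WHERE user_id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['token_hash'] === null || (int) $row['token_expires'] < time()) {
        return null;
    }
    // Constant-time compare; the id in the cookie is only a lookup key.
    if (!hash_equals($row['token_hash'], hash('sha256', $m[2]))) {
        return null;
    }
    $expires = time() + LIFETIME;   // slide the expiry forward on each valid request
    $db->prepare('UPDATE users SET token_expires = ? WHERE user_id = ?')->execute([$expires, $id]);
    send_cookie($cookie, $expires);
    return $id;
}

// Constructed demo data: in-memory SQLite with one user, id 7.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, token_hash TEXT, token_expires INTEGER)');
$db->exec('INSERT INTO users (user_id) VALUES (7)');
$valid = user_from_cookie($db, issue_login_cookie($db, 7));
$forged = user_from_cookie($db, '7:' . str_repeat('0', 64));
var_dump($valid, $forged);
```

In a real page the second argument to user_from_cookie would be `$_COOKIE[COOKIE_NAME] ?? null`, and logging out would set token_hash back to NULL so the old cookie stops working.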
You've not provided any information relating to the reasons for your choice of data substrate nor any indication of what you are trying to achieve ("php optimising members after login" - is meaningless gobbledygook).
Whether I should use $_COOKIE or the session.
How much data are you trying to store? For how long? Do you require to have access in the absence of a session? If so does the data need to be available? What is the impact of the user changing the data outwith your website?
But what should I store in the cookie: the user's username or the user's unique id?
Neither - if your site believes the assertion in the cookies, then hacking your site is as simple as changing the cookie value.