Hey friends I've a doubt regarding my password authentication code given below
If we use session _start function one need not use the cookies as

     $_SESSION['user'] = $username;
     $_SESSION['password'] = $password;

functions do the same job that cookies would have done so my cookies code is just a clutter??

Here's my code

<?PHP
session_start();
?>
<?php
include "connect.php";
include 'var.php';
print "<link rel='stylesheet' href='http://127.0.0.1/styles/styles.css' type='text/css'>";
if (isset($_POST['submit'])) // name of submit button
{
    $username = $_POST['username'];
    $password = $_POST['password'];
    $password = md5($hash . md5($password));
    $query = "SELECT* from moderators where username='$username' and password='$password'";
    $usercheck1 = mysql_query($query) or die(mysql_error());
    $usercheck2 = mysql_num_rows($usercheck1);
    if ($usercheck2)
    {
        $_SESSION['user'] = $username;
        $_SESSION['password'] = $password;
        if ($_POST['remember'])
        {
            $memberid = $result2[username];
            $passkey = $result2[password];
            [COLOR=Green]$cookie1 = "[0]";
            $cookie2 = "[1]";
            $cookie3 = "$cookiename$cookie1";
            $cookie4 = "$cookiename$cookie2";
            setcookie("$cookie3", "$memberid", time() + 7776000);
            setcookie("$cookie4", "$passkey", time() + 7776000);[/COLOR]
        }
        print "<center>";
        print "<table class='tborder' cellpadding='6' cellspacing='1' border='0'>";
        print "<tr><td class='panelsurround' align='center'><center>Logged In</center></td></tr></table></center>";
        print "<META HTTP-EQUIV = 'Refresh' Content = '2; URL =http://127.0.0.1/register.php'></center>";
    }
    else
    {
        print "<center>";
        print "<table class='tborder' cellpadding='6' cellspacing='1' border='0'>";
        print "<tr><td class='panelsurround' align='center'><center>Invalid username or password</center></td></tr></table></center>";
        //print "<META HTTP-EQUIV = 'Refresh' Content = '2; URL =http://127.0.0.1/login.php'></center>";

    }
}
?>

Edited 3 Years Ago by mike_2000_17: Fixed formatting

I think it's better to use sessions rather than cookies because cookies can be deleted by the user while sessions can not be deleted.
Me,I don't use cookies anymore.
Just my opinion....

Cookies are bits of information that will remain accessible to the browser across many openings and closings of the browser. For example, the "Remember me" functions of websites use sessions. Sessions, OTOH, are only remembered while the browser is opened. If the browser is closed, the session ID will be different and the user will have to do things like log in again.

For the record, Mozilla lets me delete the session ID when I want to. It's just another cookie in Mozilla's point of view.

This article has been dead for over six months. Start a new discussion instead.