I have built login systems in PHP and I always use a session to log in the user. As a result of using sessions, my browser always creates a cookie called PHPSESSID. And if the user checks the remember me option, I will set the username and password into cookies. Please note that these cookies are accessible in the browser.
Since I always like to see how others do their login systems, I decided to test this with Facebook. I logged into my Facebook account without checking Keep me logged in, and then I checked the cookies, but I didn’t see a PHPSESSID cookie. Does anyone know why?
For the second time, I logged into Facebook, this time with Keep me logged in checked. Then I checked the cookies and I saw the same cookies with the same expiry date as in my first try.
If the first and second tries result in the same cookies, then what is the difference? Or, better said, what is the point of using it?
Please, don’t do that. Passwords and other sensitive data shouldn’t be saved into cookies.
A session cookie doesn’t have to be named PHPSESSID. I show 11 cookies from Facebook, several of which have data that might be session information. The remember-me functionality could easily be server-side.
There’s more than one way of doing pretty much everything in web development. Facebook’s a complex system, and as such they’re sometimes going to use more complex solutions than is necessary on your smaller projects.