I have written the registration page in my CodeIgniter application. Everything works fine, and it’s using the PHPass library for password hashing.
Now, I want to write the login part of the system, and was wondering how exactly I’d go about doing this with CodeIgniter. I’m mostly confused about the correct (and best practice) way of doing it. Do I just accept the user’s login credentials, determine if they’re correct and if so, set up a session for that user? Do they need a cookie? Does that cookie need to be encrypted? Do I need to track the user in my database (CodeIgniter can do this for me) and watch for IP address changes or hostname changes?
There are many, many auth libraries, but since you are a beginner I strongly believe that it’s better to make something on your own (unless you are on a very strict time frame). Because, as my colleague once told me, without making a mistake you won’t understand why a better solution is actually better.
Back to your actual question.
Well, yes. There is no other reasonable way to do it, is there? 🙂
The session ID is stored automatically in a cookie. You can store other options in a cookie, but keep in mind that cookies can be stolen (so it’s NOT a good idea to save username/cookie). Plus, people use more than one device (e.g. tablet and desktop) more and more, so be sensible about using cookies.
I believe I answered that already.
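The flow discussed in this thread (check the credentials with PHPass, then start a session so the cookie holds only the session ID), shown as an added example that is not part of the original question or answer. It assumes CodeIgniter 3; the `users` table and its columns, the PHPass file location, the `login` view and the `dashboard` route are hypothetical names.

```php
<?php
// Added example, not code from the thread. Assumes CodeIgniter 3.
// Hypothetical names: `users` table (id, username, password_hash),
// PHPass saved as application/third_party/PasswordHash.php, 'login' view.
defined('BASEPATH') OR exit('No direct script access allowed');
require_once APPPATH . 'third_party/PasswordHash.php';

class Login extends CI_Controller
{
    private $hasher;

    public function __construct()
    {
        parent::__construct();
        $this->load->database();
        $this->load->library('session');
        $this->load->helper('url');
        // Use the same parameters as the registration page (assumed 8, FALSE).
        $this->hasher = new PasswordHash(8, FALSE);
    }

    public function index()
    {
        if ($this->input->method() !== 'post') {
            return $this->load->view('login');
        }
        $username = (string) $this->input->post('username');
        $password = (string) $this->input->post('password');

        // Query builder escapes the value; nothing is concatenated into SQL.
        $user = $this->db->get_where('users', array('username' => $username), 1)->row();

        // Same error for unknown user and wrong password.
        if ($user === NULL || ! $this->hasher->CheckPassword($password, $user->password_hash)) {
            return $this->load->view('login', array('error' => 'Invalid username or password.'));
        }

        // Issue a new session ID after authentication; the cookie carries only that ID.
        $this->session->sess_regenerate(TRUE);
        $this->session->set_userdata('user_id', (int) $user->id);
        redirect('dashboard'); // hypothetical post-login route
    }

    public function logout()
    {
        $this->session->sess_destroy();
        redirect('login');
    }
}
```

Protected controllers would then check `$this->session->userdata('user_id')` and redirect to the login page when it is not set.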