Help me please, doubts with sessions and cookies

[ccsakuweb]

Help me please, some doubts with sessions and cookies

Hi, I have to make a work for my father. A shop. I know that I need sessions for the cart. And cookies for identify the user (user and pass, with md5). But I don't know what is secure (is posible to steal cookies?) and there is people without cokies in the internet browser. Then maybe the people use the database.
Someone could help me please? or tell me a tutorial or documentation?

Thanks !!

[ccsakuweb]

could someone help me please?

[V@no]

For a secure connection you should never use cookies

[ccsakuweb]

I see.. but in the university they only teached me to use cookies. Is there other solution for use sessions for cart and cookies for user identification?
I have see in db from 4images a table named sesions.

Thanks V@no for your reply

please could you tell me what is more secure? I had searched tutorials but I only found cookies.

[V@no]

Let me just say this:
you can not relay on others when it comes to security, so cookies is out of question, because most of the internet users have no idea how to protect their computers, they don't even have antivirus programs. That said, if you want have a secure connection with your clients, don't use cookies, because cookies can be compromised on the client's computer. Keep session expiration time as short as possible (obviously too short will be annoying). Using cookies for auto login won't be a problem for security, as long as the user being asked enter their password before they can do any changes (or even view details) in their profile or before any money transaction occur.
I don't know what is it you are trying to do exactly, but if it involves payment transaction, I think you'd be better find an ecommerce or something, someone who knows "how and what"...

P.S.
These are my personal thoughts based on what I witness on the internet. I can be wrong, never had any experiences with "shops".

[ccsakuweb]

Thanks a lot V@no, now I know what to do in some sides. Of course I will use an ecommerce system. But I only know Paypal. I will search it, so if I find something I will let you know for future interesting people.

A little question. Is secure save pass and user with md5? and i have thought to save ip from the user and if the ip is diferent i will request him the user and pass.

[Nicky]

http://www.hotscripts.com/PHP/Scripts_and_Programs/E-Commerce/index.html

[ccsakuweb]

Thank you very much Nicky