1

I am new to Web-Development and am currently using Laravel 4

Question

Should I be using Cookies or Sessions for my user authentication? I will need the site to:

  • Display currently logged in user

  • Behave differently on some pages depending on the user

    I am thinking of just adding another cookie and then using that cookie for every request that way I could retrieve the user's identity and use it for both displaying the name and behaving accordingly depending on the route.

    Can I do this? And the just "mask it" (with some encryption) and then just "decode it" in my views?

Background:

  • I am working with Confide/Entrust
  • I am building a SPA
  • Data driven website/Many users
  • Working with Backbone JS

I have installed an authentication package and am now able to log people in. I can limit people's movement to specific areas of the site by testing to see if they are a guest but that is the extent of my understanding.

kris kaman
  • 101
  • 1
  • 8

1 Answers1

0

I wouldn't say this is laravel specific.

I would recommend that any sensitive data be stored in a session as it's stored on the server and not the user computer. The problem with cookies is they can't be relied on since the user can manipulate then and even delete.

Cookies to me are meant for things like remembering a user or a longer term storage for non sensitive data.

The way I normally do things is once a user has successfully authenticated store information I need about the user while they are logged in. In laravel 4 it's easy Session::put('key', 'value');

Nick
  • 676
  • 9
  • 22
  • Thanks. But I understand it sessions will be deleted after the browser closes right? What if they close tab and then come back? – kris kaman Dec 22 '13 at 00:27
  • No you can set how long the session lasts in `app/config/session.php` checkout the lifetime key in the session array. I just tested in my browser using an app I built. I logged in, closed the browser, reopened browser and my session was still active. – Nick Dec 22 '13 at 05:00
  • Thank you~ That was exactly what I needed. ---- I Want my site patrons to be able to comeback whenever and still be able to just jump back in :) – kris kaman Dec 23 '13 at 16:55