0

Thank you for reading. I have successfully made a PHP file that does the sign-up and sign-in part. But I need to change SESSION to COOKIE. Just replacing SESSION with COOKIE doesn't seem to work. How do I change SESSION to COOKIE and make the function work exactly the same as SESSION?

Register.php:

```php
<?php
include 'config.php';
session_start();

// Already signed in: go to the welcome page.
if (isset($_SESSION['username']))
{
  header("location: welcome.php");
}

if (isset($_POST['submit']))
{
    // User input is concatenated into the query and the password is stored as typed.
    $sql = "INSERT INTO user (username, password) VALUES ('".$_POST["username"]."','".$_POST["password"]."')";
    if (mysqli_query($con, $sql))
    {
        $_SESSION['username'] = $_POST["username"];
        header("location: login.php");
    }
    else
    {
        // $con is the connection used for the query above
        echo "Error: " . $sql . "<br>" . mysqli_error($con);
    }
}

?>
```

login.php:

```php
<?php
include("config.php");
session_start();

// Already signed in: go to the welcome page.
if (isset($_SESSION['username']))
{
  header("location: welcome.php");
}

if (mysqli_connect_errno())
{
   echo "MySQLi Connection was not established: " . mysqli_connect_error();
}

if (isset($_POST['login']))
{
   $username = mysqli_real_escape_string($con, $_POST['username']);
   $password = mysqli_real_escape_string($con, $_POST['password']);

   // Compares the submitted password with the stored plain-text value.
   $sel_user = "SELECT * FROM user WHERE username='$username' AND password='$password'";
   $run_user = mysqli_query($con, $sel_user);

   $check_user = mysqli_num_rows($run_user);

   if ($check_user > 0) {
      $_SESSION['username'] = $username;
      $_SESSION['loggedIn'] = true;
      echo "<script>window.open('index.php','_self')</script>";
   }
   else {
      echo "<script>alert('username or password is not correct, try again!')</script>";
   }

}

?>
```
Eric
  • This is already horribly insecure due to SQL injection problems and the plain-text password, and now you want to make it even worse so that anybody who sends a `username` and a `loggedIn` cookie is automatically logged in? You really shouldn't do that... – jeroen Apr 29 '16 at 10:11
  • Possible duplicate of [php change sign in to sign out after user signs in](http://stackoverflow.com/questions/36943107/php-change-sign-in-to-sign-out-after-user-signs-in) – A.L Apr 29 '16 at 16:58

2 Answers

0

You have many functions for using cookies in PHP, and they are a little different from sessions.

To set a cookie:

```php
setcookie("Name_Of_Your_Cookie", "Value");
```

You can alternatively use a third parameter if you want to set an automatic expiry time (an example if you want your cookie to expire automatically after one week):

```php
setcookie("Name_Of_Your_Cookie", "value", time()+60*60*24*7);
```

To check the value of your cookie, you use it like a session, as in the example below:

```php
if(isset($_COOKIE['Name_Of_Your_Cookie'])) echo "Welcome ".$_COOKIE['Name_Of_Your_Cookie'];
else header('Location: ./login.php');
```

To unset your cookie (the logout part), you have two options:

```php
unset($_COOKIE['Name_Of_Your_Cookie']);
```

Or set an expiry time in the past (the cookie will be considered obsolete):

```php
setcookie("Name_Of_Your_Cookie", "value", time()-1);
```

If you want more detail, there is great documentation available on the official PHP site, here: http://php.net/manual/fr/features.cookies.php

Hope that helps you.
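An added example, not part of the original answer: if login state has to travel in a cookie, the server can sign the value with an HMAC so that a value edited or invented by the client is rejected, which is the problem raised in the comment under the question. The cookie name `auth`, the `AUTH_KEY` environment variable and all function names are assumptions made for this sketch.

```php
<?php
// Added example (not the answer's code). Needs PHP 7.3+ for the setcookie()
// options array. AUTH_KEY, AUTH_COOKIE and AUTH_TTL are assumed names.
const AUTH_COOKIE = 'auth';
const AUTH_TTL = 60 * 60 * 24 * 7; // one week, matching the expiry example above

function auth_key(): string
{
    // Assumption: a random secret of at least 32 bytes set in the environment.
    $key = getenv('AUTH_KEY');
    if ($key === false || strlen($key) < 32) {
        throw new RuntimeException('AUTH_KEY is missing or too short');
    }
    return $key;
}

function make_auth_token(string $username, int $now): string
{
    $payload = base64_encode($username) . '.' . ($now + AUTH_TTL);
    return $payload . '.' . hash_hmac('sha256', $payload, auth_key());
}

// Returns the username, or null if the token is malformed, forged or expired.
function verify_auth_token(string $token, int $now): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$user64, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $user64 . '.' . $expires, auth_key());
    if (!hash_equals($expected, $mac)) {
        return null; // value was edited or made up by the client
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null; // signed expiry has passed
    }
    $username = base64_decode($user64, true);
    return $username === false ? null : $username;
}

function send_auth_cookie(string $username): void
{
    setcookie(AUTH_COOKIE, make_auth_token($username, time()), [
        'expires' => time() + AUTH_TTL, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}
```

On each request, pass `$_COOKIE['auth']` to `verify_auth_token()` only after checking it is a string, and redirect to login.php when the result is `null`. A signed cookie stays valid until its expiry, so a server-side session is still needed if a login must be revocable earlier.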

0

Try this.

NB: It's not a good idea to store sensitive credentials like username, password, PIN, etc. in a cookie; SESSION is more secure than COOKIE.

Register.php

```php
<?php
include 'config.php';
if(isset($_COOKIE['AuthVal']))
       unset($_COOKIE['AuthVal']);

if(isset($_POST['submit']))
{
    $sql = "INSERT INTO user (username, password) VALUES ('".$_POST["username"]."','".$_POST["password"]."')";
    if (mysqli_query($con, $sql))
    {
        // The cookie stays in the browser for up to 30 days
        setcookie('AuthVal', 'username='.$_POST['username'].'&loggedIn=true', time() + (3600 * 24 * 30));
        header("location: login.php");
    }
    else
    {
        // $con is the connection used for the query above
        echo "Error: " . $sql . "<br>" . mysqli_error($con);
    }
}
?>
```

login.php

```php
<?php
include("config.php");

// Parse the cookie into an array; the result argument is required since PHP 8.
$auth = [];
if(isset($_COOKIE['AuthVal']))
   parse_str($_COOKIE['AuthVal'], $auth);

if(isset($auth['username']) && $auth['username'] != "" && isset($auth['loggedIn']) && $auth['loggedIn'] == "true"){
   header("location: welcome.php");
   exit;
}

if (mysqli_connect_errno())
   echo "MySQLi Connection was not established: " . mysqli_connect_error();

if(isset($_COOKIE['AuthVal']))
       unset($_COOKIE['AuthVal']);

if(isset($_POST['login']))
{
   $username = mysqli_real_escape_string($con,$_POST['username']);
   $password = mysqli_real_escape_string($con,$_POST['password']);

   $sel_user = "SELECT * FROM user WHERE username='$username' AND password='$password'";
   $run_user = mysqli_query($con, $sel_user);

   $check_user = mysqli_num_rows($run_user);

   if($check_user>0){
      // The cookie stays in the browser for up to 30 days
      setcookie('AuthVal', 'username='.$_POST['username'].'&loggedIn=true', time() + (3600 * 24 * 30));
      echo "<script>window.open('index.php','_self')</script>";
   }
   else {
      echo "<script>alert('username or password is not correct, try again!')</script>";
   }

}
?>
```
Mohammedshafeek C S
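An added example, not part of the original answer: the registration and login queries above rewritten with prepared statements and `password_hash()` / `password_verify()`, addressing the SQL injection and plain-text password points from the comment under the question, with login state kept in the server-side session. It assumes `config.php` defines the mysqli connection `$con` as on the page and that the `password` column is wide enough to hold a hash (for example `VARCHAR(255)`); the function names are made up for this sketch.

```php
<?php
// Added example (not the answer's code). Assumes config.php provides $con.
include 'config.php';
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function register_user(mysqli $con, string $username, string $password): bool
{
    // Store a salted hash, never the password itself.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    try {
        $stmt = $con->prepare('INSERT INTO user (username, password) VALUES (?, ?)');
        $stmt->bind_param('ss', $username, $hash);
        return $stmt->execute();
    } catch (mysqli_sql_exception $e) {
        error_log('register failed: ' . $e->getMessage()); // log, do not echo SQL
        return false;
    }
}

function check_login(mysqli $con, string $username, string $password): bool
{
    // Placeholders keep user input out of the SQL text.
    $stmt = $con->prepare('SELECT password FROM user WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch(); // true when a row was read, null when none
    $stmt->close();
    return $found === true && password_verify($password, $hash);
}

session_start();
if (isset($_POST['login'])) {
    $u = $_POST['username'] ?? '';
    $p = $_POST['password'] ?? '';
    if (is_string($u) && is_string($p) && check_login($con, $u, $p)) {
        session_regenerate_id(true); // new session id after login
        $_SESSION['username'] = $u;
        $_SESSION['loggedIn'] = true;
        header('Location: welcome.php');
        exit;
    }
    echo 'Username or password is not correct, try again.';
}
```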