I have been reading about logging into, storing passwords and username.
Storing password in cookie is BIG NO.
So I chose to store only username in cookie, that is fine I guess. I stored it into cookie so I can access it easily and handle "Remember Me" option.
But what about password if I want to identify user by SELECT * FROM databse WHERE username='$_COOKIE[]' AND password=''
I was thinking about SESSION. I can store password in session, not safe but fine. But problem is what when user close browser and reopen it. they will stay logged in but session will be gone, so everytime I have to check if there is SESSION[pass] set if not, select it from database and set it.
That is my solution, can anyone suggest me maybe more adequate solution?
Fact is, there is no super secure system and if someone really wants to break into they will succeed.