1
So, my doubt is the following, which is the best method to create a login "session" for the user.
I learned to create this session using JWT in cookie, however the cookie is accessible by the browser, and there is some information like the 'id' user that I use to give some SELECT
on the website.
I did validation, I even put up an encryption a friend sent me, which made it safer to just use Base64.
But I can do the same thing using SESSION.
What is the best method to create this "logged in" status and why?
I ask this question because I want to learn the easiest method for the server, and the safest, I don’t feel as comfortable as letting the user access the information in the cookie.
Your question has been answered here: https://answall.com/questions/115190/qual-a-diferen%C3%A7a-entre-Sessions-e-cookies, here: https://answall.com/questions/38920/o-que-guardar-uma-sess%C3%A3o-login? Rq=1, here: https://answall.com/questions/33664/remin-usu%C3%A1rio-com-segura%C3%A7a? Rq=1, here: https://answall.com/questions/3571/qual-a-bestmaneira-de-cria-um-systems-de-login-com-php?noredirect=1&lq=1, and perhaps several other questions in the session "Related" on the right side of the question (and that was suggested to you when opening it, but you did not read).
– LipESprY