microl44 / Julet

Website visualizing data from my watched movies, brought forward by the jul.
3 stars, 1 fork

Login functionality should use a token-based system #74

Open microl44 opened 1 year ago

microl44 commented 1 year ago

For the sake of security, scalability and flexibility, the website shouldn't save user information in the $_SESSION variable and should instead use a token-based approach. This includes creating a new table in the database for said token.

Steps the system should take:

  1. The user submits his/her information in a login form.
  2. On successful login, the server generates a unique token, which is stored in a "token" table in the database.
  3. The token is sent back to the user and stored in $_COOKIE using the setcookie function.
  4. When the server loads a page, use $_SERVER['HTTP_AUTHORIZATION'] to check if a token exists.
  5. If a token exists, use a DB query to check if the token exists in the DB and whether it's expired or not.
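One way to implement steps 2 to 5 in PHP, as an added example that is not Julet's own code: it stores only a hash of the token, sets the cookie with HttpOnly, Secure and SameSite, and rejects malformed or expired tokens. It assumes a MySQL-style `token` table with hypothetical columns `user_id`, `token_hash` and `expires_at`, a PDO connection `$db`, and PHP 7.3+ for the `setcookie()` options array.

```php
<?php
// Added example, not Julet's code. Assumed table (hypothetical):
//   token(user_id INT, token_hash CHAR(64) UNIQUE, expires_at DATETIME)
declare(strict_types=1);
const TOKEN_LIFETIME = 7 * 24 * 60 * 60; // seconds

// Step 2: unguessable token; only its SHA-256 hash is stored, so a leaked
// database dump does not contain usable session tokens.
function issueToken(PDO $db, int $userId): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $stmt = $db->prepare('INSERT INTO token (user_id, token_hash, expires_at) VALUES (?, ?, ?)');
    $stmt->execute([$userId, hash('sha256', $token),
                    date('Y-m-d H:i:s', time() + TOKEN_LIFETIME)]);
    return $token;
}

// Step 3: HttpOnly keeps the cookie away from page scripts, Secure limits it
// to HTTPS, SameSite=Strict stops cross-site requests from carrying it.
function sendTokenCookie(string $token): void
{
    setcookie('auth_token', $token, [
        'expires' => time() + TOKEN_LIFETIME, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Strict',
    ]);
}

// Step 4: accept "Authorization: Bearer <token>" or the cookie; anything that
// is not 64 hex characters is rejected before it reaches the database.
function presentedToken(): ?string
{
    $auth = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
    if (preg_match('/^Bearer\s+([0-9a-f]{64})$/i', $auth, $m)) {
        return $m[1];
    }
    $cookie = $_COOKIE['auth_token'] ?? '';
    return preg_match('/^[0-9a-f]{64}$/', $cookie) === 1 ? $cookie : null;
}

// Step 5: look up the hash and let the database apply the expiry check.
function userIdForToken(PDO $db, ?string $token): ?int
{
    if ($token === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT user_id FROM token WHERE token_hash = ? AND expires_at > NOW()');
    $stmt->execute([hash('sha256', $token)]);
    $userId = $stmt->fetchColumn();
    return $userId === false ? null : (int) $userId;
}
```

`expires_at` is written with PHP's clock and compared against the database's `NOW()`, so both must run on the same timezone or the expiry check drifts.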