Laravel 4- Implemeting a the user authetication for SPA "user identity"/"user" identity

Question

I am new to Web-Development and am currently using Laravel 4

Question

Should I be using Cookies or Sessions for my user authentication? I will need the site to:

• Display currently logged in user

• Behave differently on some pages depending on the user

  I am thinking of just adding another cookie and then using that cookie for every request that way I could retrieve the user's identity and use it for both displaying the name and behaving accordingly depending on the route.

  Can I do this? And the just "mask it" (with some encryption) and then just "decode it" in my views?

Background:

• I am working with Confide/Entrust
• I am building a SPA
• Data driven website/Many users
• Working with Backbone JS

I have installed an authentication package and am now able to log people in. I can limit people's movement to specific areas of the site by testing to see if they are a guest but that is the extent of my understanding.

Answer 1

I wouldn't say this is laravel specific.

I would recommend that any sensitive data be stored in a session as it's stored on the server and not the user computer. The problem with cookies is they can't be relied on since the user can manipulate then and even delete.

Cookies to me are meant for things like remembering a user or a longer term storage for non sensitive data.

The way I normally do things is once a user has successfully authenticated store information I need about the user while they are logged in. In laravel 4 it's easy Session::put('key', 'value');