Here is my table structure:
// users
+----+--------+--------------------+-----------------+--------------------------+
| id | name   | email              | cookie          | /* some other columns */ |
+----+--------+--------------------+-----------------+--------------------------+
| 1  | Jack   | jack0948@gmail.com | ojer0f934mf2... |                          |
| 2  | Peter  | P_2009@ymail.com   | ko4398f43043... |                          |
| 3  | John   | mx_pro34@gmail.com | 0243hfd348i4... |                          |
+----+--------+--------------------+-----------------+--------------------------+
The cookie column contains a string (as the cookie which keeps the user logged in) that is also set on the user's devices. As you see, I have just one string (as the cookie) for each user. So all of a user's devices have an identical cookie.
My question: most professional programmers tell me:
It would be safer if each device had its own cookie (the cookie of each device should be different than the cookie of other devices, not a constant cookie for all devices)
Well, why? What's wrong with having an identical cookie for all devices? Also, as you see, I have just one record for the cookie in the database. So if I update that record for a new device, then the previous device(s) will be logged out.
I guess that by cookie, you mean session id. Cookies can represent anything actually.
You should never store a session id in the database. Session ids are temporary values that should change on each new session. By storing them, you expose yourself to several problems:
By having a session id generated on each new session, you avoid those problems. But this means that your devices may not have the same session id for the same user.
What you are actually doing here, by storing the session id, is NOT a session id. It's a password, stored in plain text. And that is very wrong.
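An added example (not from the answer or the asker's code) of the per-device scheme discussed above: each login gets its own random token, and the database keeps only a SHA-256 hash of it, so a leaked table does not contain usable cookies. The `sessions` table, the function names and the sample row are assumptions made for the illustration.

```python
import hashlib
import secrets
import sqlite3

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    # One row per logged-in device; only a hash of the token is stored.
    db.execute("""CREATE TABLE sessions (
        token_hash TEXT PRIMARY KEY,
        user_id    INTEGER NOT NULL REFERENCES users(id),
        device     TEXT NOT NULL)""")
    db.execute("INSERT INTO users VALUES (1, 'Jack')")  # constructed sample row
    return db

def digest(token):
    # The token carries 256 bits of randomness, so an unsalted SHA-256 is
    # sufficient here; a human-chosen password would need a slow password hash.
    return hashlib.sha256(token.encode()).hexdigest()

def login(db, user_id, device):
    """Create a session for one device and return the cookie value to set."""
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO sessions VALUES (?, ?, ?)",
               (digest(token), user_id, device))
    return token

def user_for_cookie(db, token):
    """Return the user id for a cookie, or None if it is unknown or revoked."""
    row = db.execute("SELECT user_id FROM sessions WHERE token_hash = ?",
                     (digest(token),)).fetchone()
    return row[0] if row else None

def logout(db, token):
    """Revoke only the session that presented this cookie."""
    db.execute("DELETE FROM sessions WHERE token_hash = ?", (digest(token),))

if __name__ == "__main__":
    db = open_db()
    phone = login(db, 1, "phone")
    laptop = login(db, 1, "laptop")
    logout(db, phone)                      # e.g. the phone was lost
    print(user_for_cookie(db, phone))      # None
    print(user_for_cookie(db, laptop))     # 1
```

With one row per device, revoking a single device is a single `DELETE`, and a new login on another device no longer overwrites the cookie the other devices hold.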