hi,
Michiel Meeuwissen wrote:
Pieter Jelle wrote:
After having searched for quite some time, the only solution I can think
of is setting the username and password in a cookie, and after
revisiting the website these values are used to log the user back on.
This, of course, is far from elegant/safe, so if anyone could point me
in the right direction, I'd be very grateful.
This is actually the solution I used a few times too. It is not very
elegant, no, but I don't really see another one, because sooner or later
server or browser will restart, won't they?
If you don't want to store a users name and password in a cookie you
could generate your own session-like id for a user and login with that.
Generate some hard to guess and unique identifier and store that one in
a cookie. This is a huge improvement upon storing a plain-text password.
You could append a random number to the username to get such an
identifier. Or use something like MD5 on username+password.
Simon
_______________________________________________
Developers mailing list
[email protected]
http://lists.mmbase.org/mailman/listinfo/developers
