So the user comes to the site and they're presented with a log in page.
They enter they're username and password and php checks a mysql database
for a matching username and password.
If there is a match, it responds with 1 line found. If no match, it
responds with 0 lines found.
In the case of a match, php then sets a cookie on their browser with a
value of 1 for authenticated and 0 for not authenticated. Every
subsequent page the user views checks the status of this cookie and if
it's a zero it kicks them back to the log in page. This
cookie expires in 5 days and after that they'll have to log in again.
I'm aware that this is terribly easy to circumvent by creating/modifying a
cookie with the 1 value and the site thinks you've passed muster.
What is a better way of doing this?


A Linux user since 1999.

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to