O/H DeadTOm ??????:
So the user comes to the site and they're presented with a log in page.
They enter they're username and password and php checks a mysql database
for a matching username and password.
If there is a match, it responds with 1 line found. If no match, it
responds with 0 lines found.
In the case of a match, php then sets a cookie on their browser with a
value of 1 for authenticated and 0 for not authenticated. Every
subsequent page the user views checks the status of this cookie and if
it's a zero it kicks them back to the log in page. This
cookie expires in 5 days and after that they'll have to log in again.
I'm aware that this is terribly easy to circumvent by creating/modifying a
cookie with the 1 value and the site thinks you've passed muster.
What is a better way of doing this?


A Linux user since 1999.

The alternative way is probably the sessions which is not really different is you plan to store just an authentication property of 0/1 into the cookie.

The difference is that a session is created that stores some data like e-mail, frontend etc on the server and not in the cookie as described in the previous method. Although in order browser to track down the session sends to the server a session id which should be posted in the "url" or it can be set automatically by php in a cookie :-) .

So you will need to put something in the cookie after all if you choose to do it this way but it would be a session id. However have in mind that you may have more control over sessions because you can configure your server to make great deal of things like say eliminate all sessions every say 5 minutes.

I don't know if this was much of a help.


PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to