if it's a risk then it's in my never get into the practice of doing this
category.
Passwords should always be used to verify and discarded. never saved in any
form which can be seen directly or decoded.
And true $_SESSION isn't a cookie.. however there are some systems that a
cookie is used like a session. in both cases I'd personally feel uneasy
storing a password like that.
On Friday 11 November 2005 12:23 pm, Richard Lynch wrote:
> He's not storing the password in a Cookies.
>
> He's storging it in a $_SESSION
>
> Which is still a Risk, especially on a shared server, but it's not
> necessarily in the category of "Never do this"
>
> On Fri, November 11, 2005 9:48 am, Stephen Leaf wrote:
> > For security.. *never* store the password in a cookie..
> > if you must... instead do some sort of encryption on it and some other
> > value
> > store that and use it for verification.
> >
> > On Friday 11 November 2005 05:43 am, sunaram patir wrote:
> >> Hi, i am having problem with internet explorer. i am working on a
> >> project on building a website where i need to keep track of the
> >> users
> >> i.e. i use a login system in there in short. with the following code
> >> i
> >> check whether the user is logged in or not.
> >> <?php
> >> session_start();
> >>
> >> $_SESSION['myurl']=$_SERVER['PHP_SELF'];
> >> if(!isset($_SESSION['student_username']) &&
> >> !isset($_SESSION['student_password']))
> >> header("Location: login.php");
> >> ?>
> >>
> >> if the user is not logged in, it redirects to the login page
> >> login.php
> >> as is shown in the above code. now the user is allowed to log in
> >> through the following code:
> >>
> >>
> >> <?php
> >> session_cache_limiter('private_no_expire');
> >> session_set_cookie_params(0,"/","schools.zenrays.com");
> >> session_start();
> >> $auth=false;
> >> ................
> >> ................
> >> ................
> >>
> >> if($auth){
> >> $_SESSION["student_username"]=$Effectivelogin;
> >> $_SESSION["student_password"]=$pass;
> >> if(isset($_SESSION['myurl']))
> >> header("Location:
> >> http://schools.zenrays.com".$_SESSION['myurl']); else
> >> header("Location: http://schools.zenrays.com/students";);
> >>
> >> }
> >>
> >> it works fine in firefox and msn explorer. in internet explorer,
> >> when
> >> i visit to a
> >> link in any page it asks for the login details again. could anyone
> >> please help me out?!
> >> regards,
> >> sunaram
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
>
> --
> Like Music?
> http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
