On Saturday, February 16, 2002, at 03:10  PM, Nigel Gilbert wrote:

> But very many commercial sites, including Apple and Amazon to name two, 
> do exactly this.  When you re-enter the site they 'remember' who you 
> are using a cookie.  In my case, I'm building a multi-player strategy 
> game and while I want the players to go through an initial briefing the 
> first time they ever join the game, thereafter they should be able to 
> get straight into the game if they are still using the same PC.  But as 
> I said, the specifics of my use aren't so important - lots of sites 
> leave permanent cookies around and the results don't seem to be 
> catastrophic.

The data that these sites leave in their cookies is usually trivial -- 
things like UserID, or UserName, or something like that.  This way they 
know who you are when you bring up the site again; all the actual data 
is still stored at the site in a database.  It's way too easy for 
cookies to be intercepted or faked to leave sensitive data in them, like 
credit card numbers or whatever.  If you left game stats and what-not 
(say, weapons or items or something) in cookies, then an HTTP-aware 
player could probably give themself quad damage or equivalent whenever 
they wanted.

> The question is still: how to do it?

Store all their critical info and stats in a database, and use a cookie 
to store their name or something.  Then, when they get to the site, you 
can either run a password authentication to make sure that they are who 
their cookie says they are, or skip that and deal with the fact that 
some people may change their cookie to be the name of their opponent so 
that they can play as another character.

Sounds like a cool site, good luck.

Erik

----

Erik Price
Web Developer Temp
Media Lab, H.H. Brown
[EMAIL PROTECTED]


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
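
The layout described in the reply above, as an added example that is not code from the original thread: the cookie carries only a player name, every stat lives server-side, and the optional password check decides whether an edited name is accepted. The player names, passwords, field names and the `load_player()` helper are all constructed for illustration, and a PHP array stands in for the database.

```php
<?php
// Added example: all names and data below are constructed for illustration.

// Stand-in for the site's player table (a real site would query its database).
$players = [
    'nigel' => ['password_hash' => password_hash('correct horse', PASSWORD_DEFAULT),
                'briefed' => true,  'damage_multiplier' => 1],
    'erik'  => ['password_hash' => password_hash('battery staple', PASSWORD_DEFAULT),
                'briefed' => false, 'damage_multiplier' => 1],
];

/**
 * Resolve a returning player from the cookie array (hypothetical helper).
 * Only the 'player' key is read; any stats the client sends are ignored.
 * If $password is given it is verified; otherwise the cookie name is trusted as-is.
 */
function load_player(array $db, array $cookie, ?string $password = null): ?array
{
    $name = $cookie['player'] ?? '';
    if (!is_string($name) || !isset($db[$name])) {
        return null;    // unknown or malformed cookie: treat as a first-time visitor
    }
    $row = $db[$name];
    if ($password !== null && !password_verify($password, $row['password_hash'])) {
        return null;    // cookie names a real player, but the password does not match
    }
    return [
        'name'              => $name,
        'briefed'           => $row['briefed'],            // decides whether to skip the briefing
        'damage_multiplier' => $row['damage_multiplier'],  // always the stored value
        'verified'          => $password !== null,
    ];
}

// 1. Cookie edited to claim a stat: the stored value is used, the cookie's is ignored.
$tampered = ['player' => 'nigel', 'damage_multiplier' => '4'];
var_dump(load_player($players, $tampered)['damage_multiplier']);

// 2. Cookie edited to an opponent's name, no password check: accepted as that player.
$spoofed = ['player' => 'erik'];
var_dump(load_player($players, $spoofed)['name']);

// 3. Same edited cookie with the password check enabled: rejected.
var_dump(load_player($players, $spoofed, 'guess'));
```

In a real request the second argument would be `$_COOKIE`; cases 2 and 3 are the two options the reply offers, with and without password authentication.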
