A way i've done things like this is to setup sessions, and
when a user logs in correctly, issue a randomly generated
value "id" and set that as a cookie. in the database,
there's a row "id" (same as the cookie) that holds the
user name and any other data that i might want to store.
Since none of the user's information is being saved as
cookies, and the "id" number is mostly random, it seems
to be a pretty secure way of knowing who is valid.
> -----Original Message-----
> From: Phillip S. Baker [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 18, 2002 9:18 PM
> To: PHP Email List
> Subject: [PHP] Logging Users In - What is the Best Way
> Okay Gents and Ladies,
> I am looking for more information on how best to do this.
> I have a MyQSL back end.
> It houses a users user_name and password.
> I have a secure area of the site that I only want members to view.
> The way I have it now is that the user logs in.
> If user_name and password match cookies are set.
> Each page in the secure are checks for a variable in the cookie. If set the
> user can view the page, if not set the page redirects back to the login page.
> Now first question is - how secure is this?
> Second question - what is a better more secure way to handle this. Then
> most importantly where do I get information on how to go about doing that?
> I know nothing about sessions and would need some good links for that arena.
> Also I do not know much of anything about Object Oriented Programming.
> Thanks for the feedback.
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php