A way i've done things like this is to setup sessions, and when a user logs in correctly, issue a randomly generated value "id" and set that as a cookie. in the database, there's a row "id" (same as the cookie) that holds the user name and any other data that i might want to store.
Since none of the user's information is being saved as cookies, and the "id" number is mostly random, it seems to be a pretty secure way of knowing who is valid. > -----Original Message----- > From: Phillip S. Baker [mailto:[EMAIL PROTECTED]] > Sent: Monday, February 18, 2002 9:18 PM > To: PHP Email List > Subject: [PHP] Logging Users In - What is the Best Way > > > Okay Gents and Ladies, > > I am looking for more information on how best to do this. > > I have a MyQSL back end. > It houses a users user_name and password. > > I have a secure area of the site that I only want members to view. > > The way I have it now is that the user logs in. > If user_name and password match cookies are set. > > Each page in the secure are checks for a variable in the cookie. If set the > user can view the page, if not set the page redirects back to the login page. > > Now first question is - how secure is this? > > Second question - what is a better more secure way to handle this. Then > most importantly where do I get information on how to go about doing that? > I know nothing about sessions and would need some good links for that arena. > > Also I do not know much of anything about Object Oriented Programming. > > Thanks for the feedback. > > Phillip > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
