> The method I was thinking about before was to pass
> the md5 hash of the password around, as the passwords
> are already md5'ed in the DB. Your method seems more
> secure as you use a totally spiced-up and personalized
> encryption engine.
Why are you passing the password around, hashed or not, in the first place?
Just have a yes/no flag for whether the session is an authenticated user or
Is there any particular reason why you'd need to reauthenticate on every
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php