Hi, > The method I was thinking about before was to pass > the md5 hash of the password around, as the passwords > are already md5'ed in the DB. Your method seems more > secure as you use a totally spiced-up and personalized > encryption engine.
*boggle* Why are you passing the password around, hashed or not, in the first place? Just have a yes/no flag for whether the session is an authenticated user or not. Is there any particular reason why you'd need to reauthenticate on every page? Cheers Jon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
