* and then Miguel Cruz declared....
> So decide how much hassle it's worth making it (both for yourself and for
> your users) and run with it. My feeling would be that a cookie + email
> token is enough for anything but high-security or money-based operations;
> after those measures the amount of hassle rises steeply.

I agree entirely. I've never worked on a user login thingy before so just wondered if I'd missed anything. The user id is stored in a cookie and the email, pass, etc. are stored in a db.

The only trouble now is what if 2 users share the same computer? Should I provide a 'login as different user'? That seems to invite abuse. The alternative is to not bother, as the likelihood of 2 people sharing a computer both wanting accounts on my site is minimal: It's good, but not /that/ good!

Any opinions on this most welcome ;-)

--
Nick Wilson // www.explodingnet.com