Sessions make life so much eaiser, in my opinion.  I used to do what you do, passing 
from one page the next.  Now, when a user successfully logs in, ONE line of code 
passes all the necessary variables from page to page without me having to do a damn 

I don't personally see TOO much wrong with passing the encrypted password along, 
especially since you aren't displaying it in the URI's query string.  BUT, if someone 
DID get a hold of the encrypted password, they can run millions of words through md5() 
until one matched.  I would hope that people aren't bored enough to do that, but past 
actions have proved that wrong.

The magic line:  session_start().  That's it.  It holds ALL information about the 
session, and makes my life SO much eaiser.



>>> "Peter" <[EMAIL PROTECTED]> 07/03/02 03:32PM >>>
On my site, when a user logs in, their password is encrypted using md5() and
the username and encrypted password is then passed from page to page using
hidden form inputs (clicking on a link submits the form using POST).
Does anyone have any comments on this method e.g. security wise? I know I
could use sessions or cookies but is it relly necessary?

PHP General Mailing List (
To unsubscribe, visit: 

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to