> It would be possible to do this if I then created another table to load > their profile data to and use the unique id as the identifier. It would > make it alot harder for someone to guess an ID. I would then need a way to > flush out their records from the second table when they are finished. > Easily enough done using a logout script but who actually does this > anymore. It would be possible to create a script to run through cron to > delete records from that table that are more than say 30 minutes old.
Yeah, that would be a good way to do it. Save a timestamp along with the unique identifier. Update the timestamp whenever the user does something. Then delete the unique identifier if the timestamp ever gets to be more than X minutes old (cron is best way for that). What you are basically doing, though, is recreating sessions with the trans_sid enabled. PHP will go through your code for you and automatically add the session ID to all URLs and forms. You can turn off cookies in php.ini, too, so you have to use the URL method. Only setback is that PHP must be compiled a certain way (--enable_trans_id or something) for it to work. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
