-----BEGIN PGP SIGNED MESSAGE-----
I'm setting up a site using sessions right now, and I was just wondering if
there is a way to ignore anything from the client side- I want them to POST a
username and password, from there all data should be handled on the server.
I'm already using the query string to avoid cookies, but I want to make sure
that if the user _does_ have cookies on, any change in the data will be
ignored by the server. Any suggestions?
Basically, I think it would be a lot more efficient for me to set a
_SESSION['logged_in'] variable once than query the database for every page,
but I don't know if it would be secure or not- I don't want someone setting
the logged_in variable in their cookie, then getting full access to the
If you would be a real seeker after truth, you must at least once in your life
doubt, as far as possible, all things.
- -Rene Descartes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
-----END PGP SIGNATURE-----
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php