There's a good article on authentication at phpbuilder.com http://www.phpbuilder.com/columns/tim20000505.php3
that may provide an idea or two. ----- Original Message ----- From: "Chad Day" <[EMAIL PROTECTED]> Newsgroups: php.general To: <[EMAIL PROTECTED]> Sent: Tuesday, July 16, 2002 10:30 AM Subject: Sessions / logins / cookies / security > I asked something similar a little while ago, but didn't do a good job > clarifying. > > What I'm looking to do is when a user logs in, I start up the session.. I > then have the registered session var to verify they are authenticated as > they move throughout the site. > > Now, when they close the browser and come back, I want them to still be > authenticated. Obviously, I have to set a cookie. But what do I set? Do I > set just their user ID? The MD5 of their password? What's the most secure > way, that's not easily spoofed? I don't know that much about cookies, but > if I just use a user ID, couldn't someone just change that ID value and > 'become' another user? > > Thanks for any advice, > Chad > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php