Re: [PHP] Authentication with sessions - Recommendation and suggestions?

2002-02-14 Thread Erik Price 


On Wednesday, February 13, 2002, at 08:51  PM, Harry Yu wrote:

> Can anyone give me any suggestions or recommendations?
>  Is there any security concerns?  Also, the session
> files are in a directory that is not world readable.

I just set up my own first authentication system, and it works very 
similar to yours.  I think you should turn register_globals off if you 
really want security.  PHP 4.1.0 has some neat shortcuts to make your 
life easier if you do this.


Erik




Erik Price
Web Developer Temp
Media Lab, H.H. Brown
[EMAIL PROTECTED]


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Authentication with sessions - Recommendation and suggestions?

2002-02-13 Thread Harry Yu 

Hi All,

I'm trying to setup an authentication process and
sessions to protect some of my pages for valid users
only.  The following are what I had in mind:

login.php--
Protected
Page"

} else {

header ( "location: http://server/login_page.php\n\n";
);

}

?>

protected_page.php
http://server/login_page.php\n\n";
);

}


Can anyone give me any suggestions or recommendations?
 Is there any security concerns?  Also, the session
files are in a directory that is not world readable.

Thanks in advance,
Harry

__
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php