> (not really authenticating, you lost me)
Just putting the password in the session doesn't
authenticate a user, which I don't know why someone
would want to do, but I could see that someone
might want to "re-login". Putting something in the
session really doesn't have anything to do with
authentication except that when a user is authenticated
typically a new session is created.
From Mark's email:
"...they have to log in again with the new password..."
After changing their password they still have a valid
session so there SHOULD be no need to re-authenticate
but there may be special case applications in which a
developer would need to do so.
In addition, it's really not a good idea to store a
password in a session (even if encrypted). It's just
a bad practice in general.
---
Michael Wentzel
Software Developer
Software As We Think - http://www.aswethink.com