no, it works also if your user has cookies disabled.
"Jaxon" <[EMAIL PROTECTED]> schrieb in im Newsbeitrag:
[EMAIL PROTECTED]
> Does this depend on cookies?
>
> regards,
> jaxon
>
>
> > -----Original Message-----
> > From: Style|warrioR [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, June 22, 2001 5:09 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [PHP] PHP authenticating and session management
> >
> >
> > I'm not quite sure if this is the perfect way cause I'm pretty new to
this
> > session stuff, too.....
> > but my version looks like this:
> >
> > [login.php]
> > a form with username and password field.
> > submit --> auth.php
> >
> >
> > [auth.php]
> > check if username and password are ok (from a text file or your mysql
> > database) [yes|no]
> > [no] -> echo "bad login or password."; exit;
> > [yes] -> start a session, save username and password in session vars,
> > redirect to userpage
> >
> >
> > lets say your userpages look like "aUsername_blah.php"
> >
> >
> > ["aUsername_blah.php"]
> > include a script on every userpage that checks if login and password are
> > correct [yes|no]
> > [no] -> redirect to login.php
> > [yes] -> display page
> >
> >
> > comments appreciated :)
> > .andi
> >
> >
> >
> >
> >
> >
> > "Arash Dejkam" <[EMAIL PROTECTED]> schrieb in im Newsbeitrag:
> > 9guhbf$msi$[EMAIL PROTECTED]
> > > Hi,
> > >
> > > I want to use PHP session manager but I have some problems,
> > >
> > > I want the session start in a login page so I do this for example:
> > >
> > > after authenticating...
> > > session_start();
> > > session_register("username");
> > >
> > > then I want the user to be able to see his own pages, what do I
> > have to do
> > > in those pages?
> > >
> > > simply check $username and bring up the user's page ? but this makes
it
> > > possible for any hacker to send a cookie with username and see
> > that page.
> > I
> > > know that PHP stores a unique random number for each session
> > but how can I
> > > check that it matches with the number in the cookie.
> > >
> > > help me please I'm really confused !
> > >
> > > Thanks
> > >
> > > Arash Dejkam
> > >
> > >
> > >
> > >
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > To contact the list administrators, e-mail:
[EMAIL PROTECTED]
> > >
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
