Vladimir S. Tikhonjuk <[EMAIL PROTECTED]> [03-08-2006 13:51]: > The second method: simple handler, for example > http://localhost/login, which checks login and password, If everything > is O.K. make session, send cookie with session id. And another handler > which checks every reqest for Cookie with session id and desided whether > to give access or not.
> Disadvantage (as I think) of first method: before every request make > SQL query to the database for varification login and password. You have to do a query to check if the session is valid anyway. Valid: exists, hasn't expired, client's IP matches (ID might have been stolen somehow), etc. With persistent database connections and prepared statements it doesn't hurt that much in terms of performance. Just make sure you're not checking what you don't have to (images, *.css, etc). -- Radosław Zieliński <[EMAIL PROTECTED]>
pgpLOzrRB12Mi.pgp
Description: PGP signature
