> you could make them log in once per session and just have 
> every page check and see if they already have logged in and 
> if they have not then trigger the login mechanism.
> 

This is what I do.  I have a file/function called verify that I call at
the top of every page that I want secure (and any page that might just
perform an action and then redirect to a page that displays content).

Here is how my authentication system works:

1) On any page a session is started if one doesn't already exist.

2) When they submit login information it is checked against
the database.

3) If the login is approved, I session_register() the user_id field, the
user_level (if applicable), and a variable called valid.

4) I set valid equal to the md5 hash of user_id.user_level.secret_variable
(secret variable is a variable set in the code so only the server knows
it).

5) On every page the verify function checks to make sure that the
variable $valid is equal to the md5 of
user_id.user_level.secret_variable  (This works because the session
knows the user_id, and user_level, and the server knows the secret
variable).


Hope this helps.

-Jackson        


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
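
The verify check from steps 3 to 5 above, as an added example that is not part of the original message or the poster's code. It computes the tag as the post describes (md5 over the concatenated fields) and, as a swapped-in alternative, as an HMAC-SHA256 over delimited fields compared with hash_equals(). The SECRET value, the function names and the plain array standing in for $_SESSION (so the script runs from the command line) are assumptions.

```php
<?php
// Added example. SECRET is a constructed placeholder; a real deployment
// would load it from server-side configuration, never from the session.
const SECRET = 'constructed-demo-secret';

// Tag as described in the post: md5 of user_id . user_level . secret.
function tag_md5(string $userId, string $userLevel): string {
    return md5($userId . $userLevel . SECRET);
}

// Assumed alternative: keyed HMAC with a delimiter, so the boundary
// between user_id and user_level is part of the authenticated data.
function tag_hmac(string $userId, string $userLevel): string {
    return hash_hmac('sha256', $userId . '|' . $userLevel, SECRET);
}

// Step 3: after the database approves the login, store the fields and tag.
function login(array &$session, string $userId, string $userLevel): void {
    $session['user_id']    = $userId;
    $session['user_level'] = $userLevel;
    $session['valid']      = tag_hmac($userId, $userLevel);
}

// Step 5: recompute the tag from the session fields and compare.
function verify(array $session): bool {
    foreach (['user_id', 'user_level', 'valid'] as $key) {
        if (!isset($session[$key]) || !is_string($session[$key])) {
            return false; // not logged in, or malformed session data
        }
    }
    $expected = tag_hmac($session['user_id'], $session['user_level']);
    return hash_equals($expected, $session['valid']); // constant-time compare
}

// Constructed demo data.
$session = [];
login($session, '12', '3');
echo 'fresh login verifies: ', var_export(verify($session), true), "\n";

// A session whose user_level was changed without recomputing the tag.
$session['user_level'] = '9';
echo 'altered level verifies: ', var_export(verify($session), true), "\n";

// Plain concatenation feeds md5 the same bytes for ('1','23') and ('12','3').
echo 'md5 tags collide: ',
    var_export(tag_md5('1', '23') === tag_md5('12', '3'), true), "\n";
echo 'hmac tags collide: ',
    var_export(tag_hmac('1', '23') === tag_hmac('12', '3'), true), "\n";
```

In a web page, call session_start() and pass $_SESSION to login() and verify(); session_register() was removed in PHP 5.4.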
