Ken, I didn't believe you that IE was so stupidly implemented until I tried 
it myself.  You are right, IE 5 remembers the password even though I hit 
CANCEL on the re-authenticate prompt.  And it remembers the password even 
when I close all browser windows.

If you decide to store authentication in the session, a good way to 
generate a 32 character "token" is md5(uniqid(rand())).  You store a copy 
of this token in your database (with some expiration time) and give a copy 
of it to the user (either in the session or in a plain old cookie).

For me to implement log-out is not so easy because I am using .htaccess.  I 
guess I'll just require the crypt() of the PW to be in a cookie.  Logout 
will just put garbage into the cookie.  Hopefully no one will discover that 
they can hijack someone else's login by just deleting the cookie.  :-(

John Henckel          alt. mailto:[EMAIL PROTECTED]
Zumbro Falls, Minnesota, USA   (507) 753-2216

http://geocities.com/jdhenckel/


-- 
PHP General Mailing List (http://www.php.net/)
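
The token scheme described in the message above (a 32-character token, a server-side copy with an expiration time, a copy in the user's cookie), as an added example that is not part of the original post. Assumptions: `random_bytes()` is swapped in for `md5(uniqid(rand()))`, an in-memory array stands in for the database table, only a SHA-256 hash of the token is kept server-side, and the names `issueToken`, `checkToken`, `revokeToken` and `TOKEN_TTL` are hypothetical.

```php
<?php
declare(strict_types=1);

// In-memory stand-in for the database table (assumption for this example):
// sha256(token) => ['user' => string, 'expires' => int]
$store = [];
const TOKEN_TTL = 1800; // lifetime in seconds; constructed value

// Issue a 32-character token. random_bytes() replaces md5(uniqid(rand())),
// whose inputs (the clock and rand()) are guessable.
function issueToken(array &$store, string $user, int $now): string
{
    $token = bin2hex(random_bytes(16)); // 16 random bytes -> 32 hex characters
    $store[hash('sha256', $token)] = ['user' => $user, 'expires' => $now + TOKEN_TTL];
    return $token; // this copy goes to the client (session or cookie)
}

// Return the user for a valid token, or null. A missing, malformed, unknown
// or expired cookie value always means "not logged in".
function checkToken(array &$store, ?string $cookie, int $now): ?string
{
    if ($cookie === null || !preg_match('/\A[0-9a-f]{32}\z/', $cookie)) {
        return null;
    }
    $key = hash('sha256', $cookie);
    if (!isset($store[$key])) {
        return null;
    }
    if ($store[$key]['expires'] <= $now) {
        unset($store[$key]); // purge the expired row
        return null;
    }
    return $store[$key]['user'];
}

// Logout removes the server-side row, so the old cookie value stops working
// even if the browser keeps sending it.
function revokeToken(array &$store, string $cookie): void
{
    unset($store[hash('sha256', $cookie)]);
}

// Constructed walk-through with a fixed clock.
$now = 1000000;
$t = issueToken($store, 'ken', $now);
var_dump(checkToken($store, $t, $now + 60));         // valid token
var_dump(checkToken($store, null, $now + 60));       // cookie deleted
var_dump(checkToken($store, $t, $now + TOKEN_TTL));  // expired
$t2 = issueToken($store, 'ken', $now);
revokeToken($store, $t2);
var_dump(checkToken($store, $t2, $now + 60));        // after logout
```

Because access is granted only when the presented value matches a live server-side row, deleting or garbling the cookie can only log a user out.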