On Sat, 2004-02-14 at 13:48, Philip J. Newman wrote:
> What's the best information to add to a session to say a user is logged in?
>
> I currently have $siteUserLogIn="true";
>
> Anything else that I could add to beef up security?

For storing user status use whatever fits your application best. I save an instance of my user class in the session and use it to check if I have a logged in user. If it is set then that is the user; if not, then the session is not logged in.

To beef up security I use a combination of the session id (cookies only) and set an additional cookie that contains a random sequence. This acts like an initialization vector does in cryptography. It is always a random sequence and never contains any identifying information about the user.

--
Adam Bregenzer
[EMAIL PROTECTED]
http://adam.bregenzer.net/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
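
One way to implement the scheme described in the reply above, as an added example for PHP 7.3 or later (it is not code from the original message or its author): a cookie-only session id plus a second cookie holding a random value that must match the copy kept in the session. The cookie name `sess_token`, the function names and the `$_SESSION` keys are assumptions, and a user id stands in for the user object mentioned in the reply.

```php
<?php
declare(strict_types=1);

const TOKEN_COOKIE = 'sess_token'; // hypothetical cookie name

function start_secure_session(): void
{
    ini_set('session.use_only_cookies', '1'); // session id travels in a cookie only, never the URL
    ini_set('session.use_strict_mode', '1');  // reject session ids the server did not issue
    session_set_cookie_params([
        'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_start();
}

function login_user(int $userId): void
{
    session_regenerate_id(true);          // fresh session id at the privilege change
    $token = bin2hex(random_bytes(32));   // random sequence, no identifying information
    $_SESSION['user_id'] = $userId;       // hypothetical session keys
    $_SESSION['token']   = $token;
    setcookie(TOKEN_COOKIE, $token, [
        'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

function logout_user(): void
{
    $_SESSION = [];
    session_destroy();
    setcookie(TOKEN_COOKIE, '', ['expires' => time() - 3600, 'path' => '/']);
}

// Returns the logged-in user id, or null when the session is not logged in.
function current_user_id(): ?int
{
    $expected = $_SESSION['token'] ?? null;
    if (!is_string($expected)) {
        return null;                      // never logged in on this session
    }
    $given = $_COOKIE[TOKEN_COOKIE] ?? null;
    if (!is_string($given) || !hash_equals($expected, $given)) {
        logout_user();                    // session id presented without its matching token
        return null;
    }
    return $_SESSION['user_id'] ?? null;
}
```

A page would call `start_secure_session()` first and then treat a `null` from `current_user_id()` as "not logged in".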