Anyone? Can someone at least point me to some web article for recommendations? I saw some examples where a password variable was stored, but is that really safe (as long as I MD5 it first?)
Chad -----Original Message----- From: Chad Day [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 12:30 PM To: [EMAIL PROTECTED] Subject: [PHP] Sessions / logins / cookies / security I asked something similar a little while ago, but didn't do a good job clarifying. What I'm looking to do is when a user logs in, I start up the session.. I then have the registered session var to verify they are authenticated as they move throughout the site. Now, when they close the browser and come back, I want them to still be authenticated. Obviously, I have to set a cookie. But what do I set? Do I set just their user ID? The MD5 of their password? What's the most secure way, that's not easily spoofed? I don't know that much about cookies, but if I just use a user ID, couldn't someone just change that ID value and 'become' another user? Thanks for any advice, Chad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
