> What I'm looking to do is when a user logs in, I start up the > session.. I > then have the registered session var to verify they are > authenticated as > they move throughout the site. > > Now, when they close the browser and come back, I want them > to still be authenticated.
I don't think this can be a "secure" authentication. By relying on a cookie for the authentication, the computer is being authenticated, not the user. So anyone using the machine will be seen as "authenticated". Anyone who finds the cookie on a particular machine can place it on their own machine, then their machine becomes authenticated. If you need secure, real authentication, proof of the user's identity, the user has to be asked to login each visit, IMO. In theory, only they know their username and password. Am I understanding the goal? Kirk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
