I work with a double cookie to add some "security"...
If the user tries to change the sessionId, I check it against the current
sessionId stored in my own cookie...
But... it may not be useful... :)
The cookie is basically an encrypted copy of the session content (with a
different encryption method).
I'm looking for a good way to protect a private part of a site and...
I was thinking this method would be more efficient than only the session
cookie...
But... perhaps I'm going the wrong way...

"John W. Holmes" <[EMAIL PROTECTED]> wrote in message news:
002501c27e08$40567040$[EMAIL PROTECTED]
> > I would like to know what you think of my method to prevent 'piracy'...
> >
> > I do it like this:
> >
> > - A session is created for each user
> >   In the session, I put 2 values: a flag "userlogged" and the userId
> > - In a cookie, I put the session id and a unique encrypted value.
>
> If you're using sessions, there is already a cookie with the session id
> in it. Why are you storing encrypted values in a cookie? Why not just add
> the values to the session and not worry about encrypting them?
>
> ---John Holmes....
>
> >
> > When the user goes to private parts of the site,
> > I check the session, the cookie and database fields for the user...
> > The encrypted data contains some user values (the encryption is done
> > with the mcrypt lib).
> >
> > Is this a good way, or is there a better way (without SSL)...?
> >
> > Regards,
> > P.E. Baroiller
>
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
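
Added example, not part of either poster's message: a sketch of the check described in the thread, where a second cookie is tied to the current session id. It uses an HMAC (`hash_hmac`) in place of the mcrypt encryption mentioned in the thread; the function names, key and sample values are assumptions constructed for illustration.

```php
<?php
// Added example: function names, key and sample ids are constructed for illustration.

// Build the second cookie: the user id plus an HMAC over "session id | user id".
function make_binding_cookie(string $sessionId, string $userId, string $key): string
{
    $mac = hash_hmac('sha256', $sessionId . '|' . $userId, $key);
    return base64_encode($userId) . '.' . $mac;
}

// Return the user id if the cookie was issued for this session id, otherwise null.
function verify_binding_cookie(string $cookie, string $sessionId, string $key): ?string
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;                       // malformed cookie
    }
    $userId = base64_decode($parts[0], true);
    if ($userId === false) {
        return null;                       // user id part is not valid base64
    }
    $expected = hash_hmac('sha256', $sessionId . '|' . $userId, $key);
    // hash_equals compares the two MACs in constant time
    return hash_equals($expected, $parts[1]) ? $userId : null;
}

// Constructed sample values; on a real page the session id would come from session_id().
$key       = random_bytes(32);             // server-side secret, never sent to the client
$sessionId = bin2hex(random_bytes(16));    // session the cookie is issued for
$otherId   = bin2hex(random_bytes(16));    // a different session id

$cookie = make_binding_cookie($sessionId, '42', $key);

// Cookie presented with the session id it was issued for
var_dump(verify_binding_cookie($cookie, $sessionId, $key));
// Same cookie presented with a changed session id
var_dump(verify_binding_cookie($cookie, $otherId, $key));
// Cookie whose MAC has been altered
var_dump(verify_binding_cookie($cookie . 'x', $sessionId, $key));
```

Because both cookies travel in the same request, the check detects only a session id that was changed on its own.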
