Hi,
I'm using a session for my login system. So the session will keep the
user's username and password. My question is if we able to retrieve the
session back (for another page), is it necessary to check the username and password
against
the database ?
I do not want to have unnecessary
I usually use random numbers, and keys for things like this, for
example:
I have a users table in a database set up like this:
id integer auto increment primary key
usernamevarchar(32)
passwordvarchar(32)
rand_keyfloat
this way I can set the users cookie
On Mon, Jun 24, 2002 at 10:03:09AM -0600, [EMAIL PROTECTED] wrote:
Niko,
If you don't want to compromise security then use .htaccess instead. Then base
your session
file off of the $ENV{'REMOTE_USER'}. Now of coarse this is assuming you are using
Apache. Then yes
you do need to check