Kenneth Downs wrote:
That can only be done if the password is stored on the browser between requests. No thanks! At any rate, in principle I believe that sessions are a bad way to do things, they just have that bag-on-the-side feel. The only permanent use of a session in Andromeda is to store user information, notably user_id and password.

Why do you need to store the password?

Once the user has authenticated, they're authenticated. You don't need to keep a password lying around past that point unless you want to make them re-authenticate each time they access some data. And since you're storing that information on the server, it's somewhat irrelevant to store it since you're already trusting whatever other mechanisms you have between the user and the server.

Though I would point out that with browsers these days, that password is gonna be stored on the browser no matter what you do short of embedding a Flash or Java applet to process the logon. They save so much information, the user might have to explicitly confirm saving the address, but it will be saved.

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
