session authentication with cookie and ip check
Posted: Thu Jul 03, 2003 2:58 pm
is this the correct way to go about doing it?
1. create a session and grab the session ID
2. this session ID is already a MD5 hash but I MD5 it again (dunno why it's just my thing).
3. get I.P of user and MD5 it
4. store the encrypted session ID and encrypted I.P in temp table in database
5. create a cookie on the client machine and store their encrypted session ID and encrypted I.P.
6. check details from the cookie against details in the database if they match bob's your aunty.
How would records get deleted from the temp database, if I have no access to cron jobs?
any ideas?
1. create a session and grab the session ID
2. this session ID is already a MD5 hash but I MD5 it again (dunno why it's just my thing).
3. get I.P of user and MD5 it
4. store the encrypted session ID and encrypted I.P in temp table in database
5. create a cookie on the client machine and store their encrypted session ID and encrypted I.P.
6. check details from the cookie against details in the database if they match bob's your aunty.
How would records get deleted from the temp database, if I have no access to cron jobs?
any ideas?