login/logout

sutejok
Forum Commoner
Posts: 37
Joined: Wed Mar 24, 2004 4:08 pm

Post by sutejok »

I'm just wondering, what is the best method for creating a website with a login/logout function? i.e. ppl will be able to log in to access certain parts of the site.

I tried using the 'session' before and it worked pretty fine. Is there a better way?

thx
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

Not really. Sessions keep the user logged in until they close their browser or click logout (logout page can have session_destroy() on it).

You can use cookies to keep them logged in even after they close the browser window if you'd like.
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

Like punk said, sessions would be the best way.

To keep a user logged in (even after they terminate the browser window), cookies would be a luscious remedy to solve that.
sutejok
Forum Commoner
Posts: 37
Joined: Wed Mar 24, 2004 4:08 pm

Post by sutejok »

ok..

One more question: is session 'insecure' in any way? Is there a way that a person might be able to retrieve/set any of the $_SESSION[var] values?
RadixDev
Forum Commoner
Posts: 66
Joined: Sun Mar 14, 2004 11:27 am
Location: U.K.

Post by RadixDev »

No, in that once the session is destroyed it cannot be used, but it can be hijacked, that is, info stolen while the user is logged in. I'm an expert at that so I don't know much but I would encrypt all the sensitive data that you wish to save to session.
Danzig
Forum Newbie
Posts: 5
Joined: Fri Apr 02, 2004 6:24 am

Post by Danzig »

http://php.hax.nu/sessions.php
It has been said that sessions are insecure due to the fact that a 3rd party only needs your session id to take over your session. This is 100% true and stated on the php website. So why use them? Because we have no other choice!
Ignore the last part, "Because we have no other choice"; the author was most likely hit on the head when he wrote that phrase.
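
The session-based login/logout flow discussed in this thread, written as an added example (not code from any poster) with the settings that limit session ID theft and fixation. The function names and the `$users` map are hypothetical, and PHP 7.3+ is assumed for the array form of the cookie options.

```php
<?php
// Added example, not from the thread. Assumes PHP 7.3+ and an HTTPS site.
declare(strict_types=1);

function start_secure_session(): void {
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,      // session cookie: discarded when the browser closes
        'path'     => '/',
        'secure'   => true,   // only sent over HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// $users is a constructed map of username => password_hash() output.
function login(array $users, string $name, string $password): bool {
    $hash = $users[$name] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);  // fresh ID at login; the old one is deleted
    // $_SESSION lives on the server; the browser only ever holds the ID.
    $_SESSION['user'] = $name;
    $_SESSION['login_time'] = time();
    return true;
}

function current_user(): ?string {
    return $_SESSION['user'] ?? null;
}

function logout(): void {
    $_SESSION = [];                      // clear the data for this request
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [      // expire the cookie in the browser
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();                   // remove the server-side session record
}
```

Call `start_secure_session()` before any output on every page, and gate protected pages on `current_user() !== null`.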