Page 1 of 1
login/logout
Posted: Tue Apr 13, 2004 6:30 pm
by sutejok
I'm just wondering, what is the best method for creating a website with login/logout function? i.e ppl will be able to login to access certain part of the site.
i tried using the 'session' before and it worked pretty fine. is there a better way?
thx
Posted: Tue Apr 13, 2004 6:36 pm
by d3ad1ysp0rk
Not really. Sessions keep the user logged in until they close their browser or click logout (logout page can have session_destroy() on it).
You can use cookies to keep them logged in even after they close the browser window if you'd like.
Posted: Tue Apr 13, 2004 7:08 pm
by tim
like punk said, sessions would be the best way.
To keep a user logged in (even after they terminate the broswer window) cookies would be a lucious remedy to solve that.
Posted: Tue Apr 13, 2004 11:18 pm
by sutejok
ok..
one more question : is session 'insecure' in any way? is there a way that a person might be able to retreive/set any of the $_SESSION[var] value?
Posted: Wed Apr 14, 2004 1:37 am
by RadixDev
No in that once the session is destoryed it cannot be used but it can be hijacked that is info stolen while the user is logged in. I'm an expert at that so I don't know much but i would encrypt all the sensitive data that you wish to save to session.
Posted: Wed Apr 14, 2004 6:06 pm
by Danzig
http://php.hax.nu/sessions.php
It has been said that sessions are insecure due to the fact that a 3rd party only needs your session id to take over your session. This is 100% true and stated on the php website. So why use them? Because we have no other choice!
Ignore the last part "Because we have no other choice" , the author was most likely hit on the head when he wrote that phrase.