Login Routine
Moderator: General Moderators
-
pennythetuff
- Forum Newbie
- Posts: 22
- Joined: Sun Feb 19, 2006 6:05 pm
- Location: Kokomo, Indiana
Login Routine
I'm working on a site, I'm implementing a user area, and I need a login. I was just wondering how most of you guys do logins. I know it isn't a good idea to assume they're logged in by setting a session to a boolean value. Here's what I'm thinking.
Whenever a user is logged in update a 12 character random "key" column in the database (hash it maybe), and pass the user_id and the key to a login check routine via a session variable.
This way a user can't do a session hack and set a login session to true, and every time a user logs in it will give them a completely random and unique temporary password that changes with every login.
I don't know... just a thought.
- nickman013
- Forum Regular
- Posts: 764
- Joined: Sun Aug 14, 2005 12:02 am
- Location: Long Island, New York
-
pennythetuff
- Forum Newbie
- Posts: 22
- Joined: Sun Feb 19, 2006 6:05 pm
- Location: Kokomo, Indiana
- nickman013
- Forum Regular
- Posts: 764
- Joined: Sun Aug 14, 2005 12:02 am
- Location: Long Island, New York
-
muckyrabbit
- Forum Newbie
- Posts: 2
- Joined: Sun Feb 26, 2006 2:22 am
Here's what you're suggesting, as I see it.
User logs in using user name and password. Once this is confirmed against the database, a random key is generated, stored in the database, then returned, along with the user_id, and stored in the session. The combination of the two can then be checked against the db to ensure a valid login?
Sounds like a good idea to me. Don't imagine it would slow down the website too much, and a random key generator would be easy to create.
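The scheme discussed above, sketched as an added example (not code posted by anyone in this thread): a per-login random key is generated, only its hash is stored in the database, and the login check compares the session's user_id and key against that row. It assumes an in-memory SQLite table standing in for the site's database and a plain dict standing in for the session; the table, column and function names are hypothetical, and the key is longer than the 12 characters suggested.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Assumption: in-memory SQLite stands in for the site's real user table.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, name TEXT, login_key_hash TEXT)")
db.execute("INSERT INTO users VALUES (1, 'penny', NULL)")  # constructed sample user

def hash_key(key):
    # Only the hash is stored, so a leaked table does not yield usable keys.
    return hashlib.sha256(key.encode()).hexdigest()

def start_login(session, user_id):
    """Call only after the username/password check has succeeded."""
    key = secrets.token_urlsafe(16)  # CSPRNG output, not rand()-style randomness
    db.execute("UPDATE users SET login_key_hash = ? WHERE user_id = ?",
               (hash_key(key), user_id))
    session["user_id"] = user_id
    session["login_key"] = key

def is_logged_in(session):
    """Login check routine: the session must carry the current key for its user_id."""
    user_id, key = session.get("user_id"), session.get("login_key")
    if not isinstance(user_id, int) or not isinstance(key, str):
        return False
    row = db.execute("SELECT login_key_hash FROM users WHERE user_id = ?",
                     (user_id,)).fetchone()
    if row is None or row[0] is None:
        return False
    return hmac.compare_digest(row[0], hash_key(key))  # constant-time compare

def logout(session):
    # Clear the stored hash only for a session that proves it holds the key.
    if is_logged_in(session):
        db.execute("UPDATE users SET login_key_hash = NULL WHERE user_id = ?",
                   (session["user_id"],))
    session.clear()

def demo():
    first, second = {}, {}
    forged = {"logged_in": True, "user_id": 1}  # boolean-only session, no key
    start_login(first, 1)
    ok_first = is_logged_in(first)
    start_login(second, 1)  # a new login rotates the key
    return ok_first, is_logged_in(first), is_logged_in(second), is_logged_in(forged)

if __name__ == "__main__":
    print(demo())
```

Because the table holds one key per user, a second login invalidates the first session; a site that needs concurrent sessions would keep the keys in a separate table keyed by session.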
-
pennythetuff
- Forum Newbie
- Posts: 22
- Joined: Sun Feb 19, 2006 6:05 pm
- Location: Kokomo, Indiana
- jayshields
- DevNet Resident
- Posts: 1912
- Joined: Mon Aug 22, 2005 12:11 pm
- Location: Leeds/Manchester, England