Page 1 of 1

PHP/MySQL Login

Posted: Fri Nov 17, 2006 12:32 pm
by amir
Should the following be used to see if a user is logged in:

1)

Code: Select all

Login Page: set $_SESSION['login']
to 1 if they were authenticated
2) Member Pages: check session variable

Code: Select all

session_start();
if($_SESSION['login']==1)
#logged-in, continue


Should the username/password be stored in session variables and re-checked against the database every time they issue a task or is this good enough?

TIA!

Posted: Fri Nov 17, 2006 1:35 pm
by feyd
The answer is: it depends on your security needs.