login matter

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
cade
Forum Commoner
Posts: 55
Joined: Tue Jul 03, 2007 8:18 pm

login matter

Post by cade »

How do [s]u[/s] you guys practise for login matters.

As for mine, I used to set the cookie for login user and redirect them to the appropriate page. I don't use the SSL. What I'm worrying is if there is any security hole....When user log out, I simply set the cookie to null value and redirect them with header location. Header location is the method I used for login and logout.... Should I redirect user after user is logged in?

Is any standard practice for the matters? Appreciate if you give some thoughts
[url=http://forums.devnetwork.net/viewtopic.php?t=30037]Forum Rules[/url] Section 1.1 wrote:11. Please use proper, complete spelling when posting in the forums. AOL Speak, leet speak and other abbreviated wording can confuse those that are trying to help you (or those that you are trying to help). Please keep in mind that there are many people from many countries that use our forums to read, post and learn. They do not always speak English as well as some of us, nor do they know these aberrant abbreviations. Therefore, use as few abbreviations as possible, especially when using such simple words.

Some examples of what not to do are ne1, any1 (anyone); u (you); ur (your or you're); 2 (to too); prolly (probably); afaik (as far as I know); etc.
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

Cookie can be easily altered client-side. With logins, you want to keep as much out of user control as possible.
cade
Forum Commoner
Posts: 55
Joined: Tue Jul 03, 2007 8:18 pm

Post by cade »

Last time when I used $_SESSION it work on local. But when park on the server, it seems to have a problem with header location. So I switch with setCookie..
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

session_write_close() may be of interest.
cade
Forum Commoner
Posts: 55
Joined: Tue Jul 03, 2007 8:18 pm

Post by cade »

where to place it. I have tried place right after set the session ...but it didn't work
Post Reply