login matter

Posted: Wed Jul 04, 2007 10:16 pm
by cade
How do you guys practise for login matters?

As for mine, I used to set the cookie for the login user and redirect them to the appropriate page. I don't use SSL. What I'm worrying about is if there is any security hole... When the user logs out, I simply set the cookie to a null value and redirect them with header location. Header location is the method I used for login and logout... Should I redirect the user after the user is logged in?

Is there any standard practice for these matters? I'd appreciate it if you could give some thoughts.
Forum Rules (http://forums.devnetwork.net/viewtopic.php?t=30037) Section 1.1 wrote: 11. Please use proper, complete spelling when posting in the forums. AOL Speak, leet speak and other abbreviated wording can confuse those that are trying to help you (or those that you are trying to help). Please keep in mind that there are many people from many countries that use our forums to read, post and learn. They do not always speak English as well as some of us, nor do they know these aberrant abbreviations. Therefore, use as few abbreviations as possible, especially when using such simple words.

Some examples of what not to do are ne1, any1 (anyone); u (you); ur (your or you're); 2 (to too); prolly (probably); afaik (as far as I know); etc.

Posted: Wed Jul 04, 2007 10:57 pm
by superdezign
Cookies can be easily altered client-side. With logins, you want to keep as much out of user control as possible.

Posted: Wed Jul 04, 2007 11:06 pm
by cade
Last time when I used $_SESSION it worked on local. But when parked on the server, it seems to have a problem with header location. So I switched to setCookie.

Posted: Wed Jul 04, 2007 11:09 pm
by feyd
session_write_close() may be of interest.

Posted: Wed Jul 04, 2007 11:28 pm
by cade
Where do I place it? I have tried placing it right after setting the session... but it didn't work.
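
An added example, not code from any poster in this thread: a session-based login and logout that keeps the identity server-side and shows where `session_write_close()` sits relative to `header('Location: ...')`. The function `check_credentials()` and the paths `/members.php` and `/login.php` are hypothetical placeholders.

```php
<?php
// Added example. Nothing may be sent to the browser (not even whitespace
// before "<?php") ahead of session_start() or header(), or both will fail.
declare(strict_types=1);

// Hypothetical placeholder: look the user up and check the password with
// password_verify(). Returns the user id on success, null on failure.
function check_credentials(string $user, string $pass): ?int
{
    return null;
}

session_set_cookie_params([
    'httponly' => true,                    // hide the session id from scripts
    'samesite' => 'Lax',
    'secure'   => !empty($_SERVER['HTTPS']), // set when the site runs over SSL
]);
session_start();

if (($_GET['action'] ?? '') === 'logout') {
    $_SESSION = [];                        // clear server-side data first
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();                     // then remove the session itself
    header('Location: /login.php');
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = is_string($_POST['user'] ?? null) ? $_POST['user'] : '';
    $pass = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';
    $userId = check_credentials($user, $pass);
    if ($userId !== null) {
        session_regenerate_id(true);       // fresh id when privileges change
        $_SESSION['user_id'] = $userId;    // the client only ever holds the id
        session_write_close();             // flush session data to storage...
        header('Location: /members.php');  // ...before sending the redirect
        exit;                              // stop so nothing else executes
    }
}
```

Protected pages then call `session_start()` and check `$_SESSION['user_id']` rather than trusting any value the browser sends.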