Refer:
http://www.php.net/session
http://www.mt-dev.com/2002/07/creating-a-secure-php-login-script/
http://www.mt-dev.com/2002/09/php-login-script/
+++++
@todo Info about other authentications, better link to the login
implementation (above links use obsolete style)
Hm.. I'm currently running things so that when the user logs in, I store
the user's ID as a session variable, then check that ID in every page to
see if the user is logged on, and who it is. Are there any problems with
this scheme?
Cheers,
Nicholas Sherlock
Brent Palmer.
"Nicholas Sherlock" <n_she...@hotmail.com> wrote in message
news:d13fbu$2bc$1...@lust.ihug.co.nz...
Such a system allows multiple logins, though both systems allow
session hijacking (if without IP/user agent checking).
--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/
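As an added example (not code from any poster in this thread): the scheme described above, with the user's ID stored in the session and checked on every page, combined with the user-agent check mentioned in the reply. The function names and the /login.php path are hypothetical, and login_user() is assumed to be called by the login page only after the password has been verified.

```php
<?php
// Added example; function names and /login.php are hypothetical.

function client_fingerprint(): string
{
    // Bind to the User-Agent header only. An IP check is omitted here because
    // a client's address can change between requests when it is behind a proxy.
    return hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
}

function login_user(int $userId): void
{
    // Issue a fresh session ID at login so an ID seen before login is useless.
    session_regenerate_id(true);
    $_SESSION['user_id']     = $userId;
    $_SESSION['fingerprint'] = client_fingerprint();
}

function current_user_id(): ?int
{
    if (!isset($_SESSION['user_id'], $_SESSION['fingerprint'])) {
        return null; // not logged in
    }
    if (!hash_equals($_SESSION['fingerprint'], client_fingerprint())) {
        // Same session ID, different client: treat as hijacked and drop it.
        $_SESSION = [];
        session_destroy();
        return null;
    }
    return (int) $_SESSION['user_id'];
}

// Top of every protected page.
session_start([
    'use_strict_mode' => true, // reject session IDs the server did not issue
    'cookie_httponly' => true, // keep the session cookie away from page scripts
]);

$userId = current_user_id();
if ($userId === null) {
    header('Location: /login.php');
    exit;
}
// $userId now identifies the logged-in user for the rest of the page.
```

The User-Agent header is supplied by the client, so this check only raises the cost of reusing a stolen session ID and does not prevent it on its own.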
A rather large topic to cover. A link to a tutorial might be more suitable
here.
The issue of multiple login under the same user should be dealt with
separately, I think.
I'm not sure if the links I added aren't enough.
> The issue of multiple login under the same user should be dealt with
> separately, I think.
So, please fix it and post revised contents.
Caveats:
(1) will definitely allow multiple logins and may allow session
hijacking.
(2a) alone may allow session hijacking.
(2b) may break if the user is behind a proxy.
(2b)&(2c) If the session alone (without storing in a database) is used as
storage, it may break.
(1), (2a), (2c with database) may provide enough security.
Refer:
http://www.php.net/session
http://www.mt-dev.com/2002/07/creating-a-secure-php-login-script/
http://www.mt-dev.com/2002/09/php-login-script/
+++++
@revision 2 Fixed answer for clarity. See Chung's comment
@todo Info about other authentications, better link to the login
implementation (above links use obsolete PHP style)