Re: storing passwords in $_SESSION

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Yet another unsafe way... You can try to write a program that reads
stored cookies in Temporary Internet Files - it's peace of cake for
somebody that is advanced programmer. The best way is to "eliminate"
lazy users - you simply do not implement "auto login". It's the
fastest, safest and the easiest way to solve the problem.

Emil NOVAK
LAMP Developer

On 10/10/05, Dan Brow <dan@xxxxxxxxxxxxxxx> wrote:
> Well, um. ya. Back to the drawing board.  Save it in a cookie?
>
> On Mon, 2005-10-10 at 14:59 -0400, Kilbride, James wrote:
> > If the session expired.. how will session hold their user id??
> >
> > > -----Original Message-----
> > > From: Dan Brow [mailto:dan@xxxxxxxxxxxxxxx]
> > > Sent: Monday, October 10, 2005 3:05 PM
> > > To: PHP-Users
> > > Subject: Re:  storing passwords in $_SESSION
> > >
> > > Thanks, figured that would be the case. Can't for life of me
> > > think why I wanted to do that, must have had a brain
> > > infarction. I want to have an expired session prompt so
> > > people can log back in with out having to start at the login
> > > page. Would having the users login saved in $_SESSION be
> > > alright? prompt them for their password and compare it with
> > > the password in the DB be fine? I want to reduce the amount
> > > of typing someone has to do when a session expires.
> > >
> > > Thanks.
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/) To
> > > unsubscribe, visit: http://www.php.net/unsub.php
> > >
> > >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux