Yet another unsafe way... You can try to write a program that reads stored cookies in Temporary Internet Files - it's peace of cake for somebody that is advanced programmer. The best way is to "eliminate" lazy users - you simply do not implement "auto login". It's the fastest, safest and the easiest way to solve the problem. Emil NOVAK LAMP Developer On 10/10/05, Dan Brow <dan@xxxxxxxxxxxxxxx> wrote: > Well, um. ya. Back to the drawing board. Save it in a cookie? > > On Mon, 2005-10-10 at 14:59 -0400, Kilbride, James wrote: > > If the session expired.. how will session hold their user id?? > > > > > -----Original Message----- > > > From: Dan Brow [mailto:dan@xxxxxxxxxxxxxxx] > > > Sent: Monday, October 10, 2005 3:05 PM > > > To: PHP-Users > > > Subject: Re: storing passwords in $_SESSION > > > > > > Thanks, figured that would be the case. Can't for life of me > > > think why I wanted to do that, must have had a brain > > > infarction. I want to have an expired session prompt so > > > people can log back in with out having to start at the login > > > page. Would having the users login saved in $_SESSION be > > > alright? prompt them for their password and compare it with > > > the password in the DB be fine? I want to reduce the amount > > > of typing someone has to do when a session expires. > > > > > > Thanks. > > > > > > -- > > > PHP General Mailing List (http://www.php.net/) To > > > unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
