He's not storing the password in a Cookies. He's storging it in a $_SESSION Which is still a Risk, especially on a shared server, but it's not necessarily in the category of "Never do this" On Fri, November 11, 2005 9:48 am, Stephen Leaf wrote: > For security.. *never* store the password in a cookie.. > if you must... instead do some sort of encryption on it and some other > value > store that and use it for verification. > > On Friday 11 November 2005 05:43 am, sunaram patir wrote: >> Hi, i am having problem with internet explorer. i am working on a >> project on building a website where i need to keep track of the >> users >> i.e. i use a login system in there in short. with the following code >> i >> check whether the user is logged in or not. >> <?php >> session_start(); >> >> $_SESSION['myurl']=$_SERVER['PHP_SELF']; >> if(!isset($_SESSION['student_username']) && >> !isset($_SESSION['student_password'])) >> header("Location: login.php"); >> ?> >> >> if the user is not logged in, it redirects to the login page >> login.php >> as is shown in the above code. now the user is allowed to log in >> through the following code: >> >> >> <?php >> session_cache_limiter('private_no_expire'); >> session_set_cookie_params(0,"/","schools.zenrays.com"); >> session_start(); >> $auth=false; >> ................ >> ................ >> ................ >> >> if($auth){ >> $_SESSION["student_username"]=$Effectivelogin; >> $_SESSION["student_password"]=$pass; >> if(isset($_SESSION['myurl'])) >> header("Location: >> http://schools.zenrays.com".$_SESSION['myurl']); else >> header("Location: http://schools.zenrays.com/students"); >> >> } >> >> it works fine in firefox and msn explorer. in internet explorer, >> when >> i visit to a >> link in any page it asks for the login details again. could anyone >> please help me out?! >> regards, >> sunaram > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php