Re: php session in ie

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

He's not storing the password in a Cookies.

He's storging it in a $_SESSION

Which is still a Risk, especially on a shared server, but it's not
necessarily in the category of "Never do this"

On Fri, November 11, 2005 9:48 am, Stephen Leaf wrote:
> For security.. *never* store the password in a cookie..
> if you must... instead do some sort of encryption on it and some other
> value
> store that and use it for verification.
>
> On Friday 11 November 2005 05:43 am, sunaram patir wrote:
>> Hi, i am having problem with internet explorer. i am working on a
>> project on building a website where i need to keep track of the
>> users
>> i.e. i use a login system in there in short. with the following code
>> i
>> check whether the user is logged in or not.
>> <?php
>> session_start();
>>
>> $_SESSION['myurl']=$_SERVER['PHP_SELF'];
>> if(!isset($_SESSION['student_username']) &&
>> !isset($_SESSION['student_password']))
>>        header("Location: login.php");
>> ?>
>>
>> if the user is not logged in, it redirects to the login page
>> login.php
>> as is shown in the above code. now the user is allowed to log in
>> through the following code:
>>
>>
>> <?php
>> session_cache_limiter('private_no_expire');
>> session_set_cookie_params(0,"/","schools.zenrays.com");
>> session_start();
>> $auth=false;
>> ................
>> ................
>> ................
>>
>>  if($auth){
>>        $_SESSION["student_username"]=$Effectivelogin;
>>        $_SESSION["student_password"]=$pass;
>>        if(isset($_SESSION['myurl']))
>>           header("Location:
>> http://schools.zenrays.com".$_SESSION['myurl']); else
>>           header("Location: http://schools.zenrays.com/students";);
>>
>>  }
>>
>>  it works fine in firefox and msn explorer. in internet explorer,
>> when
>> i visit to a
>> link in any page it asks for the login details again. could anyone
>> please help me out?!
>>            regards,
>>           sunaram
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux