[snip] > We are sitting here having a discussion on login techniques and I cam up > with a thought...why not have a login script write a cookie that then > coulod be read by PHP and compared against the AD via LDAP? Does anyone > see any gotcha's with that kind of process? Couldn't I write my own cookie to fool the authentication into thinking I'm somebody else? [/snip] I suppose that you could do that if you were savvy enough to realize that automatic login to the intranet used a cookie for authentication and you knew how to format the cookie and properly hash a checksum stored in the cookie. The user information stored in the cookie would be verified against the AD via LDAP. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
