On 4/9/07, Martin Marques <martin@xxxxxxxxxxxxxxx> wrote:
Tijnema ! wrote:
> On 4/9/07, Martin Marques <martin@xxxxxxxxxxxxxxx> wrote:
>>
>> Yes:
>>
>> Don't use transparent session id, or even better, save the
>> authentication in a cookie on the client (separated from the session
>> array).
>
> And then the user would crack the cookie ....
> I know they are encrypted, but trust me, cookies can be edited.

So what? The user authenticated himself, so what is he gonna crack?

Yes, but I guess you're not only storing if the user has authenticated, also storing a username?
And if that's not the case, then you could authenticate by creating a cookie where it says authenticated = yes, and you're authenticated...

Tijnema

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
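
Added example, not part of the original thread: the exchange above turns on whether a client-held authentication cookie can be edited, so this sketch shows a server attaching an HMAC to the cookie and rejecting any value whose username or "authenticated" flag was changed or made up. `SECRET_KEY`, the cookie layout and both function names are assumptions for illustration.

```php
<?php
// Assumption: in real use the key is loaded from server-side configuration
// and never sent to the client. This value is constructed for the demo.
const SECRET_KEY = 'constructed-demo-key-not-for-production';

// Build "base64(json payload).hex(hmac)" for a user who has just logged in.
function issue_auth_cookie(string $username, int $ttl, int $now): string
{
    $payload = base64_encode(json_encode(['user' => $username, 'exp' => $now + $ttl]));
    return $payload . '.' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Return the username if the cookie is intact and unexpired, otherwise null.
function verify_auth_cookie(string $cookie, int $now): ?string
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null; // not in the format this server issues
    }
    [$payload, $mac] = $parts;
    // Recompute the MAC over the received payload; compare in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, SECRET_KEY), $mac)) {
        return null; // payload was edited, or the MAC was not made with our key
    }
    $data = json_decode((string) base64_decode($payload, true), true);
    if (!is_array($data) || !isset($data['user'], $data['exp'])
        || !is_string($data['user']) || !is_int($data['exp'])) {
        return null;
    }
    return $data['exp'] >= $now ? $data['user'] : null;
}

$now = 1176076800; // constructed fixed timestamp so the demo is repeatable
$cookie = issue_auth_cookie('martin', 3600, $now);
[, $mac] = explode('.', $cookie);
// Constructed tampering case: different username, original MAC reused.
$edited = base64_encode(json_encode(['user' => 'admin', 'exp' => $now + 3600])) . '.' . $mac;

$cases = [
    'untouched cookie'                 => [$cookie, $now],
    'username edited, old MAC kept'    => [$edited, $now],
    'hand-made "authenticated" cookie' => ['authenticated=yes', $now],
    'untouched cookie after expiry'    => [$cookie, $now + 7200],
];
foreach ($cases as $label => [$value, $at]) {
    $user = verify_auth_cookie($value, $at);
    echo $label, ': ', $user === null ? 'rejected' : "accepted as $user", PHP_EOL;
}
```

The MAC only proves the server issued the value; it does not hide the payload, and logout or revocation still needs server-side state.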