At 1:22 PM -0700 5/17/08, James Colannino wrote:
tedd wrote:
James:
Hey tedd, thanks for the response!
1. A $_SESSION variable;
After googling briefly on the subject of sessions, it looks like
this is probably the way I'd want to go. I like this idea, because
I can modularize the code and call different php scripts for
different actions. I could have each script check for the proper
session variables, and if they don't exist, redirect the user to the
login page.
I'm assuming that a session will last as long as the browser is open
(or until it's explicitly destroyed), correct? Are there any
security issues I should be aware of? Since there's a login, I'd be
serving this over SSL, and the user's password would be stored as an
SHA1 hash in the MySQL db.
James
James:
Not meaning to be short, but all questions about sessions can be
better answered via the manuals.
As for security, it's better if you read about it -- it longer and
more complicated than what an email exchange would allow. I recommend
purchasing Essential PHP Security (2005 O'Reilly)
http://shiflett.org/
In my estimation, that's essential.
Storing the user's password as a MD5 hash on MySQL is what I do -- it
works for me.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
