Re: Storing passwords in session variables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2012-12-11 at 08:46 -0400, Paul Halliday wrote:

> Hi,
> 
> I have a form that has username and password fields. While the form
> exists and contains various other fields the most common mode of
> operation is to have the form auto submit if it has enough arguments
> in the URL. So, someone is using an external program that has links
> wired as such:
> 
> test.php?start=1&end=2&this=blah&that=argh&username=user&password=pass
> 
> and when they hit that URL it sees it has enough arguments, fires and
> returns the result.
> 
> Client <-> Server is encrypted,  can I toss these into session variables?
> 
> The user could be coming from multiple frontends and it would be nice
> to forgo the user/pass in the url; give the username focus on the
> first visit let them drop their creds and then store them into the
> session so with each subsequent hit they can just get their results.
> 
> Make sense?
> 
> Note: I need to pass the credentials to an external app each time a
> request is made.
> 
> Thanks.
> 
> -- 
> Paul Halliday
> http://www.pintumbler.org/
> 


It looks like you're trying to re-invent authorisation procedures.
Typically, the first request logs a client in and retrieves a hashed
key, which is then used in all subsequent requests so that the server
can correctly verify the client. You can do this the way you suggested
with the session, but you must ensure that the session id is passed
across to your script by each of the connecting clients. That will be
done either as part of the head request, or as an extra parameter in the
URL.

Thanks,
Ash
http://www.ashleysheridan.co.uk



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux