Re: So what happens after creating the login mechanism?
- From: "C. (http://symcbean.blogspot.com/)" <colin.mckinnon@xxxxxxxxx>
- Date: Thu, 26 Jun 2008 05:42:38 -0700 (PDT)
On Jun 25, 1:52 pm, pek <kimwl...@xxxxxxxxx> wrote:
> I have read a lot of tutorials on how to create a login mechanism (a
> lot of which I found really useful). None of them however explain how
> do you check if the user is or is not in fact logged in.
> What is your implementation? What do you believe is a good practice
> and what is not? Do you provide both sessions and cookies for temporal
> and long-term logins..?
You're confusing authentication and session management. If you try to
make them the same thing, and you allow users to login without
expiring for a long period of time you will have to maintain the user
session for that time - which is not going to scale well nor allow for
change management.
By all means allow your website to 'remember me' - but implement this
separately from the session handling.
Then do authentication for any user who does not have a valid
session; if the user is authenticated, create a session or flag the
session as valid.
C.
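
The flow described in this reply, as an added example that is not part of the original post: a short-lived session is checked first, and a separately stored 'remember me' token is used only to authenticate a request that has no valid session. The in-memory stores, the cookie names `sid` and `remember`, the lifetimes, the hashed token storage and the single-use rotation are assumptions of this example.

```python
import hashlib
import secrets
import time

SESSION_TTL = 30 * 60            # short idle timeout for sessions (assumed value)
REMEMBER_TTL = 30 * 24 * 3600    # long lifetime for remember-me tokens (assumed value)

sessions = {}   # session id -> {"user", "expires"}; stands in for the session store
remember = {}   # sha256(token) -> {"user", "expires"}; stands in for a DB table

def _digest(token):
    # Only a hash of the token is stored, so a leaked table cannot be replayed.
    return hashlib.sha256(token.encode()).hexdigest()

def start_session(user, now):
    sid = secrets.token_urlsafe(32)
    sessions[sid] = {"user": user, "expires": now + SESSION_TTL}
    return sid

def issue_remember_token(user, now):
    token = secrets.token_urlsafe(32)
    remember[_digest(token)] = {"user": user, "expires": now + REMEMBER_TTL}
    return token

def handle_request(cookies, now=None):
    """Return (user, cookies_to_set); user is None when a login form is needed."""
    now = time.time() if now is None else now
    sid = cookies.get("sid", "")
    # 1. Session management: a valid session needs no re-authentication.
    sess = sessions.get(sid)
    if sess and sess["expires"] > now:
        sess["expires"] = now + SESSION_TTL      # sliding idle timeout
        return sess["user"], {}
    sessions.pop(sid, None)                      # drop the expired session
    # 2. Authentication: no valid session, so try the remember-me token.
    #    pop() makes the token single use; a fresh one is issued on success.
    rec = remember.pop(_digest(cookies.get("remember", "")), None)
    if rec and rec["expires"] > now:
        user = rec["user"]
        return user, {"sid": start_session(user, now),
                      "remember": issue_remember_token(user, now)}
    # 3. Neither check passed: the caller shows the login form.
    return None, {}
```

Because the session store only ever holds short-lived entries, the long 'remember me' lifetime never forces a session to be kept alive for weeks.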