Re: [PHP] Session Authentication
- From: tijnema@xxxxxxxxx ("Tijnema !")
- Date: Mon, 9 Apr 2007 17:37:50 +0200
On 4/9/07, Martin Marques <martin@xxxxxxxxxxxxxxx> wrote:
Tijnema ! escribió:Yes, but i guess you're not only storing if the user has
> On 4/9/07, Martin Marques <martin@xxxxxxxxxxxxxxx> wrote:
>>
>> Yes:
>>
>> Don't use transparent session id, or even better, save the
>> authentication in a cookie on the client (seperated from the session
>> array).
>
> And then the user would crack the cookie ....
> I know they are encrypted, but trust me, cookies can be edited.
So what? The user authenticated himself, so what is he gonna crack?
authenticated, also storing a username?
And if that's not the case, then you could authenticate by creating a
cookie where it says authenticated = yes, and you're authenticated...
Tijnema
.
- Follow-Ups:
- Re: [PHP] Session Authentication
- From: Martin Marques
- RE: [PHP] Session Authentication
- From: "Peter Lauri"
- Re: [PHP] Session Authentication
- From: Davi
- Re: [PHP] Session Authentication
- References:
- Session Authentication
- From: "Ólafur Waage"
- Re: [PHP] Session Authentication
- From: Martin Marques
- Re: [PHP] Session Authentication
- From: "Tijnema !"
- Re: [PHP] Session Authentication
- From: Martin Marques
- Session Authentication
- Prev by Date: Re: [PHP] MD5 & bot Question
- Next by Date: Re: [PHP] Session Authentication
- Previous by thread: Re: [PHP] Session Authentication
- Next by thread: Re: [PHP] Session Authentication
- Index(es):
Relevant Pages
|
