Posted by l3vi501 on 07/03/06 13:36
Personally that sounds like a little overkill to be storing the
session in a DB, then referencing the session off the user session ID,
and then checking if they are still logged in.

Personally my system always stores the user's password in the DB, in
an MD5 format. When the user logs into their account I store the MD5
password and user name in their session, and as they switch pages the
system will check that MD5 password and user name on the DB for a
match. As MD5 is a one-way encryption I feel it has the security that I
need to keep users' information secure from someone cracking their
password and a nice long string that is not going to be guessed.

If you want to log the user out after x minutes, all you would need is
a little JavaScript on each page that started on page load and after x
minutes it would put a popup telling the user that they are about to be
logged out. If they don't click cancel the JavaScript will just send
them to the page with the destroy session script.
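An added example, not part of the post above: a Python sketch of a check run on every page load, with the idle timeout enforced on the server so it does not depend on the browser running a script, and with a random session identifier kept in the session instead of the password hash. The in-memory stores, function names, the 15-minute limit and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets
import time

IDLE_LIMIT = 15 * 60   # assumed value for the post's "x minutes", in seconds
USERS = {}             # constructed stand-in for the users table
SESSIONS = {}          # constructed stand-in for the server-side session store

def hash_password(password, salt=None):
    """Salted, deliberately slow hash (PBKDF2 swapped in for plain MD5)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest

def register(user, password):
    USERS[user] = hash_password(password)

def login(user, password, now=None):
    """Return a fresh random session id, or None if the credentials fail."""
    now = time.time() if now is None else now
    salt, stored = USERS.get(user, (b"\0" * 16, b""))
    _, candidate = hash_password(password, salt)
    if not hmac.compare_digest(candidate, stored):
        return None
    sid = secrets.token_urlsafe(32)   # unguessable, unrelated to the password
    SESSIONS[sid] = {"user": user, "last_seen": now}
    return sid

def check_session(sid, now=None):
    """Per-request check: return the user name, or None if absent or idle too long."""
    now = time.time() if now is None else now
    sess = SESSIONS.get(sid)
    if sess is None:
        return None
    if now - sess["last_seen"] > IDLE_LIMIT:
        del SESSIONS[sid]             # expiry happens here, on the server
        return None
    sess["last_seen"] = now           # sliding window: activity extends the session
    return sess["user"]

def logout(sid):
    SESSIONS.pop(sid, None)
```

A client-side countdown can still warn the user before the limit; in this sketch it is only a courtesy, because `check_session` rejects the identifier whether or not the page script ran.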