|
|
Posted by Chenky on 10/12/06 10:40
Hi all,
I'm not a overly experienced PHP programmer but I like to dabble and
I'm working on a 'semi-secure' member's area. Previous I have used
normal variables to determine the validity of a user.
i.e. Once the user has logged in, a random id is created an placed in
the database in their row and each secured page will have a URL like
this : .../secure.php?user=joebloggs&randid=324395
Each page looks up the username and checks it against the random id
(instead of their password for obvious reasons).
However, I want to remove this altogether so a page will just be like
'secure.php' so I've looked into session variables - another
interesting endeavour which was quite effective until the user logs in.
The URL then changes to ...secure.php?PHPSESSID=94fhq439fqqh9f-qh9-q2h
or something similar. Obviously, this doesn't happen when clicking a
link but the use of a login form causes this added variable to the URL.
Any thoughts on avoiding this? Or am i stuck with it if i want to use
the session variable approach?
Cheers,
Joshua
Navigation:
[Reply to this message]
|