|
|
Posted by Mike on 05/03/07 12:01
Oh no another question on login scripts. Sorry but I just wanted to
check if the way I propose to do it would be acceptable...
User's details are stored in a database.
User logs in with username and password.
Database is checked for match, if ok then store a random string to a
session and the database against that user.
If they checked the "remember me" box then the string is also stored
to a cookie.
Then on every page that requires you to be logged in, it first checks
that the session exists, if it does then look for it in the database,
if not, it checks that a cookie exists, if not go back to login. If
cookie exists, then store the cookie value to the session string.
Then try to find the session string in the database, if it does then
thats that user and you can get details.
Sound about right??
Cheers
Mike
[Back to original message]
|