|
|
Posted by Emil Novak on 10/10/05 22:35
Yet another unsafe way... You can try to write a program that reads
stored cookies in Temporary Internet Files - it's peace of cake for
somebody that is advanced programmer. The best way is to "eliminate"
lazy users - you simply do not implement "auto login". It's the
fastest, safest and the easiest way to solve the problem.
Emil NOVAK
LAMP Developer
On 10/10/05, Dan Brow <dan@fullmotions.com> wrote:
> Well, um. ya. Back to the drawing board. Save it in a cookie?
>
> On Mon, 2005-10-10 at 14:59 -0400, Kilbride, James wrote:
> > If the session expired.. how will session hold their user id??
> >
> > > -----Original Message-----
> > > From: Dan Brow [mailto:dan@fullmotions.com]
> > > Sent: Monday, October 10, 2005 3:05 PM
> > > To: PHP-Users
> > > Subject: Re: [PHP] storing passwords in $_SESSION
> > >
> > > Thanks, figured that would be the case. Can't for life of me
> > > think why I wanted to do that, must have had a brain
> > > infarction. I want to have an expired session prompt so
> > > people can log back in with out having to start at the login
> > > page. Would having the users login saved in $_SESSION be
> > > alright? prompt them for their password and compare it with
> > > the password in the DB be fine? I want to reduce the amount
> > > of typing someone has to do when a session expires.
> > >
> > > Thanks.
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/) To
> > > unsubscribe, visit: http://www.php.net/unsub.php
> > >
> > >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
[Back to original message]
|