|
Posted by "Jeffrey Santos" on 10/11/05 00:43
Why not store a cookie and session variable with a randomly generated ID
code (see uniqid function in manuals) then just check to see if one is equal
to the other on your "relogin" This way you don't record any "personal"
user information and can still do an autologin type script.
- Jeff
-----Original Message-----
From: Dan Brow [mailto:dan@fullmotions.com]
Sent: Monday, October 10, 2005 4:51 PM
To: PHP-Users
Subject: Re: [PHP] storing passwords in $_SESSION
Sorry for the confusion, I should have changed the subject line to
reflect my new idea.
Thanks.
On Mon, 2005-10-10 at 22:03 +0200, Emil Novak wrote:
> Oh, just username... That's good idea.
>
> Emil NOVAK
> LAMP Developer
>
> On 10/10/05, Dan Brow <dan@fullmotions.com> wrote:
> > I was meaning just the username, not the password, still the same issue?
> >
> > On Mon, 2005-10-10 at 21:35 +0200, Emil Novak wrote:
> > > Yet another unsafe way... You can try to write a program that reads
> > > stored cookies in Temporary Internet Files - it's peace of cake for
> > > somebody that is advanced programmer. The best way is to "eliminate"
> > > lazy users - you simply do not implement "auto login". It's the
> > > fastest, safest and the easiest way to solve the problem.
> > >
> > > Emil NOVAK
> > > LAMP Developer
> > >
> > > On 10/10/05, Dan Brow <dan@fullmotions.com> wrote:
> > > > Well, um. ya. Back to the drawing board. Save it in a cookie?
> > > >
> > > > On Mon, 2005-10-10 at 14:59 -0400, Kilbride, James wrote:
> > > > > If the session expired.. how will session hold their user id??
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Dan Brow [mailto:dan@fullmotions.com]
> > > > > > Sent: Monday, October 10, 2005 3:05 PM
> > > > > > To: PHP-Users
> > > > > > Subject: Re: [PHP] storing passwords in $_SESSION
> > > > > >
> > > > > > Thanks, figured that would be the case. Can't for life of me
> > > > > > think why I wanted to do that, must have had a brain
> > > > > > infarction. I want to have an expired session prompt so
> > > > > > people can log back in with out having to start at the login
> > > > > > page. Would having the users login saved in $_SESSION be
> > > > > > alright? prompt them for their password and compare it with
> > > > > > the password in the DB be fine? I want to reduce the amount
> > > > > > of typing someone has to do when a session expires.
> > > > > >
> > > > > > Thanks.
> > > > > >
> > > > > > --
> > > > > > PHP General Mailing List (http://www.php.net/) To
> > > > > > unsubscribe, visit: http://www.php.net/unsub.php
> > > > > >
> > > > > >
> > > >
> > > > --
> > > > PHP General Mailing List (http://www.php.net/)
> > > > To unsubscribe, visit: http://www.php.net/unsub.php
> > > >
> > > >
> > >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
>
> --
> Emil NOVAK, razvijalec distribucije Slonix
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Back to original message]
|