Date: 05/07/01
- Next message: Stephen Woodbridge: "[phplib] phplib changes databases on me"
- Previous message: Holger Bahr: "Re: Sv: [phplib] occasional problem with authentication"
- In reply to: Dennis Gearon: "[phplib] Auth Class/User Class"
- Next in thread: Alex Black: "Re: [phplib] Auth Class/User Class"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Instead of the complicated dropping of unauthorized User/Session, and
> transfer to an Authorized User/Session of the session vars, I was
> thinking of just adding a unique column with the user_ID to
> 'active_sessions' table. When a session was changed to authorized by the
> user logging in, the user's id would be put into that column and any
> page specific user vars/preferences would then be activated after the
> user logged in.
>
> Is there something I'm missing that makes that not a good idea?
fyi this is the way we do it in binarycloud auth, and if it's done correctly
it's both secure and (even cooler) stateless - so you can run the same
session across _lots_ of machines in a cluster.
so yeah, it's a good idea. just make sure that your design is secure.
_alex
-- alex black, ceo enigma <email protected> the turing studio, inc. http://www.turingstudio.com
vox+510.666.0074 fax+510.666.0093
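
The design discussed in this thread, as an added example (not from the original messages, and not PHPLIB or binarycloud code): the session row is kept at login and a user id column is filled in, so any machine sharing the database can resolve the session. It uses Python's sqlite3 as a stand-in database; every column name, the function names, and the session-id rotation at login are assumptions, and only the 'active_sessions' table name comes from the thread.

```python
import secrets
import sqlite3

def open_store():
    """In-memory stand-in for the 'active_sessions' table (schema is assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE active_sessions ("
        " sid TEXT PRIMARY KEY,"           # opaque random id carried by the client
        " user_id INTEGER,"                # NULL until the visitor logs in
        " vars TEXT NOT NULL DEFAULT '')"  # serialized session variables
    )
    return db

def start_session(db):
    """Create an anonymous session row; user_id stays NULL."""
    sid = secrets.token_urlsafe(32)
    db.execute("INSERT INTO active_sessions (sid) VALUES (?)", (sid,))
    return sid

def promote_session(db, old_sid, user_id):
    """Mark a session as authorized once the caller has verified credentials.

    The row and its vars are kept, user_id is filled in, and the sid is
    replaced so that an id issued before login stops working afterwards.
    """
    new_sid = secrets.token_urlsafe(32)
    cur = db.execute(
        "UPDATE active_sessions SET sid = ?, user_id = ? "
        "WHERE sid = ? AND user_id IS NULL",
        (new_sid, user_id, old_sid),
    )
    if cur.rowcount != 1:
        raise LookupError("no anonymous session with that id")
    return new_sid

def current_user(db, sid):
    """Return the user id bound to sid, or None if anonymous or unknown."""
    row = db.execute(
        "SELECT user_id FROM active_sessions WHERE sid = ?", (sid,)
    ).fetchone()
    return row[0] if row else None
```

Because the authorization state lives only in the table row, the web tier holds nothing per user, which is the clustering property mentioned in the reply above.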

