 |
 |
Find a programming school near you
php-general | 2001062
Date: 06/29/01
- Next message: Chris Komlenic: "[PHP] extracting <h1> element for TOC"
- Previous message: Justin Farnsworth: "Re: [PHP] Parse error: Needs T_VARIABLE or $"
- In reply to: Rasmus Lerdorf: "Re: [PHP] Stopping stolen / spoofed / linked sessions"
- Next in thread: Rasmus Lerdorf: "Re: [PHP] Stopping stolen / spoofed / linked sessions"
- Reply: Rasmus Lerdorf: "Re: [PHP] Stopping stolen / spoofed / linked sessions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> > I want to use PHP4 sessions for authentication,
>
> Ok, stop right there. Sessions and authentication have nothing to do with
> each other. To create a secure authenticated site you should be using
> HTTP-based authentication over SSL. Sessions are simply for maintaining
> state across http requests and have nothing to do with authentication.
>
> -Rasmus
So setting a 'loggedin' session variable once a person has authenticated, and
checking for that session variable each request before proceeding is not ok?
jason
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: php-general-unsubscribe <email protected> For additional commands, e-mail: php-general-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: Chris Komlenic: "[PHP] extracting <h1> element for TOC"
- Previous message: Justin Farnsworth: "Re: [PHP] Parse error: Needs T_VARIABLE or $"
- In reply to: Rasmus Lerdorf: "Re: [PHP] Stopping stolen / spoofed / linked sessions"
- Next in thread: Rasmus Lerdorf: "Re: [PHP] Stopping stolen / spoofed / linked sessions"
- Reply: Rasmus Lerdorf: "Re: [PHP] Stopping stolen / spoofed / linked sessions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
