php ultranoob session question
Eric Chadbourne
EChadbourne-3av5VAs6qClGBRGhe+f61g at public.gmane.org
Mon Aug 31 09:11:16 EDT 2009
> hi all.
>
> so i'm whipping up a log in system for a website instead of using
> somebody else's. i'm reading through the sessions documentation. being
> as the session id is propagated via a cookie or the url is there any
> advantage to using sessions with a basic authentication system. at the
> moment it appears everything sessions can do i can do via my own
> hackery. forgive my question if i'm missing something fundamental.
> many thanks for any tips. :-)
I wrote up an authentication system in PHP over the weekend. I didn't
use sessions as they seem of no use for this. It seems that if you're
not using HTTPS the site is vulnerable, I'll deal with that later. I
just have the person log in, their password is in the db sha1, if both
match they get a cookie random(6, 10), and insert into the db their IP
and systime. Every time they access a page the cookie, IP and time are
checked. All user input is sanitized. Anything else I should consider?
Thanks,
Eric C
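
The login flow described in the message above (password check, random cookie, per-request IP and time check), as an added example that is not part of the original post. It uses password_hash() in place of a bare SHA-1 digest and a CSPRNG token stored as a digest; the function names, the 30-minute idle limit and the in-memory arrays standing in for database tables are assumptions.

```php
<?php
// Added example with hypothetical names; arrays stand in for the database tables.
const IDLE_TIMEOUT = 1800; // seconds of inactivity allowed (assumed value)

function register_user(array &$users, string $name, string $password): void {
    // password_hash() salts and stretches the password; a bare SHA-1 digest does neither.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

function login(array $users, array &$sessions, string $name, string $password,
               string $ip, int $now): ?string {
    $hash = $users[$name] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return null;
    }
    $token = bin2hex(random_bytes(32)); // 256-bit value from the OS CSPRNG
    // Store only a digest of the token, so a leaked table does not yield usable cookies.
    $sessions[hash('sha256', $token)] = ['user' => $name, 'ip' => $ip, 'seen' => $now];
    // In a web request the token would be sent with:
    // setcookie('auth', $token, ['secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
    return $token;
}

function check_session(array &$sessions, string $token, string $ip, int $now): ?string {
    $key = hash('sha256', $token);
    $row = $sessions[$key] ?? null;
    if ($row === null) {
        return null; // unknown or already revoked token
    }
    if ($row['ip'] !== $ip || $now - $row['seen'] > IDLE_TIMEOUT) {
        unset($sessions[$key]); // revoke on IP change or idle expiry
        return null;
    }
    $sessions[$key]['seen'] = $now; // sliding idle window
    return $row['user'];
}

// Constructed sample run: addresses are documentation ranges, times are fake clocks.
$users = [];
$sessions = [];
register_user($users, 'alice', 'correct horse');
$token = login($users, $sessions, 'alice', 'correct horse', '192.0.2.10', 1000);
var_dump(login($users, $sessions, 'alice', 'wrong', '192.0.2.10', 1000));
var_dump(check_session($sessions, $token, '192.0.2.10', 1500));
var_dump(check_session($sessions, $token, '198.51.100.7', 1600));
var_dump(check_session($sessions, $token, '192.0.2.10', 1700));
```

Binding the token to the client IP follows the scheme in the message; users whose address changes mid-visit will be logged out by that check.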