> hi all.
>
> so i'm whipping up a log in system for a website instead of using
> somebody else's. i'm reading through the sessions documentation. being
> as the session id is propagated via a cookie or the url is there any
> advantage to using sessions with a basic authentication system. at the
> moment it appears everything sessions can do i can do via my own
> hackery. forgive my question if i'm missing something fundamental.
> many thanks for any tips. :-)

I wrote up an authentication system in PHP over the weekend. I didn't use sessions as they seem of no use for this. It seems that if you're not using HTTPS the site is vulnerable; I'll deal with that later.

I just have the person log in, their password is in the db sha1, if both match they get a cookie random(6, 10), and insert into the db their IP and systime. Every time they access a page the cookie, IP and time are checked. All user input is sanitized.

Anything else I should consider?

Thanks,
Eric C
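
The login-then-cookie check described in the message above, sketched in PHP as an added example (not code from the original post). It swaps in `password_hash()`/`password_verify()` for the SHA-1 password column and `random_bytes()` for the cookie value; the arrays stand in for the database tables, and the function names, the TTL and the sample credentials are assumptions made for illustration.

```php
<?php
// Constructed stand-ins for the users and sessions tables.
$users = ['eric' => password_hash('correct horse', PASSWORD_DEFAULT)];
$sessions = [];            // sha256(token) => ['user', 'ip', 'time']

const SESSION_TTL = 1800;  // idle seconds before a cookie stops working (assumed value)

// Hypothetical helper: verify the password, then issue a random token.
function login(array $users, array &$sessions, string $user, string $pass, string $ip): ?string
{
    // password_verify() checks a salted, deliberately slow hash instead of a bare SHA-1 digest.
    if (!isset($users[$user]) || !password_verify($pass, $users[$user])) {
        return null;
    }
    $token = bin2hex(random_bytes(32));   // 256 bits from the OS CSPRNG
    // Store only a hash of the token, so a leaked table cannot be replayed as cookies.
    $sessions[hash('sha256', $token)] = ['user' => $user, 'ip' => $ip, 'time' => time()];
    return $token;
}

// Hypothetical helper: the per-request check from the post (cookie, IP and time).
function check(array &$sessions, string $token, string $ip): ?string
{
    $key = hash('sha256', $token);
    $row = $sessions[$key] ?? null;
    if ($row === null) {
        return null;                      // unknown cookie value
    }
    if (time() - $row['time'] > SESSION_TTL) {
        unset($sessions[$key]);           // expired: remove the server-side record
        return null;
    }
    if ($row['ip'] !== $ip) {
        return null;                      // cookie presented from a different address
    }
    $sessions[$key]['time'] = time();     // sliding expiry on each valid request
    return $row['user'];
}

$token = login($users, $sessions, 'eric', 'correct horse', '192.0.2.10');
// On a real page the token goes out as a cookie (options array needs PHP 7.3+;
// 'secure' only makes sense once the site is served over HTTPS):
// setcookie('auth', $token, ['secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
var_dump(check($sessions, $token, '192.0.2.10'));    // request from the login address
var_dump(check($sessions, $token, '198.51.100.7'));  // same cookie, different address
```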