Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

php ultranoob session question



> hi all.
> 
> so i'm whipping up a log in system for a website instead of using
> somebody else's.  i'm reading though the sessions documentation.
being
> as the session id is propagated via a cookie or the url is there any
> advantage to using sessions with a basic authentication system.  at
the
> moment it appears everything sessions can do i can do via my own
> hackery.  forgive my question if i'm missing something fundamental.
> many thanks for any tips.  :-)

I wrote up an authentication system in PHP over the weekend.  I didn't
use sessions as they seem of no use for this.  It seems that if you're
not using HTTPS the site is vulnerable, I'll deal with that later.  I
just have the person log in, their password is in the db sha1, if both
match they get a cookie random(6, 10), and insert into the db their IP
and systime.  Every time they access a page the cookie, IP and time are
checked.  All user input is sanitized.  Anything else I should consider?

Thanks,
Eric C







BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org