
BLU Discuss list archive



php ultranoob session question




Eric Chadbourne-2 wrote:
> 
> so i'm whipping up a log in system for a website instead of using 
> somebody else's.  i'm reading through the sessions documentation.  being 
> as the session id is propagated via a cookie or the url is there any 
> advantage to using sessions with a basic authentication system?  at the 
> moment it appears everything sessions can do i can do via my own 
> hackery.  forgive my question if i'm missing something fundamental. 
> many thanks for any tips.  :-)
> 

Eric, I think the point that you were looking for someone to make is this:
Any authentication system SHOULD USE PHP's built-in session mechanism.
Authentication is, at its simplest, a system of two states -- logged in and
not logged in. The whole point of session management is to manage the state
of your program (on top of the HTTP protocol which doesn't really care about
states). Even if PHP session management is much more flexible than what you
need, as Gregory said: don't write your own session system. Just add your
particular authentication mechanism on top of the existing session system.

Using the existing framework means you'll be using more secure, mature code
and you'll be WRITING LESS CODE, and less likely to make a fatal mistake.

-- 
View this message in context: http://www.nabble.com/php-ultranoob-session-question-tp25208213s24859p25224071.html
Sent from the Boston Linux/UNIX General Discussion List mailing list archive at Nabble.com.
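
The layering the reply above describes, as an added example that is not part of the original thread: PHP's built-in session handles the id, cookie and storage, and the login code only records who is logged in. The function names, the form field names (`user`, `pass`) and the sample user are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Constructed sample user store; a real site would load password hashes from its database.
$users = ['eric' => password_hash('correct horse battery', PASSWORD_DEFAULT)];

function start_site_session(): void
{
    ini_set('session.use_only_cookies', '1'); // session id travels in the cookie, never the URL
    ini_set('session.use_strict_mode', '1');  // refuse session ids the server did not issue
    session_set_cookie_params([               // array form needs PHP 7.3+
        'httponly' => true,
        'secure'   => !empty($_SERVER['HTTPS']),
        'samesite' => 'Lax',
    ]);
    session_start();                          // PHP creates, stores and expires the session
}

function login(array $users, string $name, string $password): bool
{
    $hash = $users[$name] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);              // fresh id at login blocks session fixation
    $_SESSION['user'] = $name;                // the only state the auth layer adds
    return true;
}

function current_user(): ?string
{
    return $_SESSION['user'] ?? null;
}

function logout(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', ['expires' => 1, 'path' => $p['path'], 'domain' => $p['domain']]);
    session_destroy();
}

start_site_session();
$name = $_POST['user'] ?? null;
$pass = $_POST['pass'] ?? null;
if (is_string($name) && is_string($pass)) {
    login($users, $name, $pass);
}
$who = current_user();
echo $who === null ? 'not logged in' : 'logged in as ' . htmlspecialchars($who);
```

The two states from the reply map to whether `$_SESSION['user']` is set; everything else is left to the session mechanism.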







BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org