6 2735
R. Rajesh Jeba Anbiah wrote: Q: How to implement a login system? A: Use sessions. When the user logins, store the session id in the database and then compare the current session id with the one stored in the database on every page. May also check IP; but it may break if the user is behind proxy.
Hm.. I'm currently running things so that when the user logs in, I store
the user's ID as a session variable, then check that ID in every page to
see if the user is logged on, and who it is. Are there any problems with
this scheme?
Cheers,
Nicholas Sherlock
That sounds right.
Don't forget to refresh your page to acknowledge if the user is still logged
in or not. That way if the user has not updated the session they must be
logged off.
Brent Palmer.
"Nicholas Sherlock" <n_********@hot mail.com> wrote in message
news:d1******** **@lust.ihug.co .nz... R. Rajesh Jeba Anbiah wrote: Q: How to implement a login system? A: Use sessions. When the user logins, store the session id in the database and then compare the current session id with the one stored in the database on every page. May also check IP; but it may break if the user is behind proxy.
Hm.. I'm currently running things so that when the user logs in, I store the user's ID as a session variable, then check that ID in every page to see if the user is logged on, and who it is. Are there any problems with this scheme?
Cheers, Nicholas Sherlock
Nicholas Sherlock <n_********@hot mail.com> wrote in message news:<d1******* ***@lust.ihug.c o.nz>...
<snip> Hm.. I'm currently running things so that when the user logs in, I store the user's ID as a session variable, then check that ID in every page to see if the user is logged on, and who it is. Are there any problems with this scheme?
Such system allows multiple logins, though both systems allow
session hijacking (if without IP/user agent checking)
--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/
"R. Rajesh Jeba Anbiah" <ng**********@r ediffmail.com> wrote in message
news:11******** *************@g 14g2000cwa.goog legroups.com... Q: How to implement a login system? A: Use sessions. When the user logins, store the session id in the database and then compare the current session id with the one stored in the database on every page. May also check IP; but it may break if the user is behind proxy.
A rather large topic to cover. A link to a tutorial might be more suitable
here.
The issue of multiple login under the same user should be dealt with
separately, I think.
Chung Leong wrote: Q: How to implement a login system? A: Use sessions. When the user logins, store the session id in the database and then compare the current session id with the one
stored in the database on every page. May also check IP; but it may break if
the user is behind proxy. A rather large topic to cover. A link to a tutorial might be more
suitable here.
I'm not sure, if the links I added isn't enough.
The issue of multiple login under the same user should be dealt with separately, I think.
So, please fix it and post revised contents.
--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/
Q: How to implement a login system?
A: Login/authentication system can be implemented in many ways:
1. Basic login system:
When the user logins, set a cookie or session variable and expect
that variable in every pages.
2. Sessions based login:
a. When the user logins, store the session id in the database and
then compare the current session id with the one stored in the database
on every page.
b. Check logged in user's IP on every page.
c. Check logged in user's browser on every page. May use the user
agent string ($_SERVER['HTTP_USER_AGEN T']) or hash of it.
Caveats:
(1) will definitely allow multiple logins and may allow session
hijacking.
(2a) alone may allow session hijacking.
(2b) may break if the user is behind proxy.
(2b)&(2c) If session alone (without storing in database) is used as a
storage, it may break.
(1), (2a), (2c with database) may provide enough security.
Refer: http://www.php.net/session http://www.mt-dev.com/2002/07/creati...-login-script/ http://www.mt-dev.com/2002/09/php-login-script/
+++++
@revision 2 Fixed answer for clarity. See Chung's comment
@todo Info about other authentications , better link to the login
implementation (above links use obsolete PHP style) This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: R. Rajesh Jeba Anbiah |
last post by:
-----------------------------------------------------------------
This is the FAQ thread where the FAQ compilation project goes.
* If you wish to improve the contents, please copy the whole content,
fix it and then post it. When posting, please change the revision
number (increase by 1) in the subject line.
* If you want to comment, do it without changing the subject line.
* Do NOT add new question and answers here. Add here *only* after...
|
by: Janwillem Borleffs |
last post by:
-----------------------------------------------------------------
This is the FAQ thread where the FAQ compilation project goes.
* If you wish to improve the contents, please copy the whole content,
fix it and then post it. When posting, please change the revision
number (increase by 1) in the subject line.
* If you want to comment, do it without changing the subject line.
* Do NOT add new question and answers here. Add here only after...
|
by: Janwillem Borleffs |
last post by:
-----------------------------------------------------------------
This is the FAQ thread where the FAQ compilation project goes.
* If you wish to improve the contents, please copy the whole content,
fix it and then post it. When posting, please change the revision
number (increase by 1) in the subject line.
* If you want to comment, do it without changing the subject line.
* Do NOT add new question and answers here. Add here only after...
|
by: Janwillem Borleffs |
last post by:
-----------------------------------------------------------------
This is the FAQ thread where the FAQ compilation project goes.
* If you wish to improve the contents, please copy the whole content,
fix it and then post it. When posting, please change the revision
number (increase by 1) in the subject line.
* If you want to comment, do it without changing the subject line.
* Do NOT add new question and answers here. Add here only after...
|
by: R. Rajesh Jeba Anbiah |
last post by:
-----------------------------------------------------------------
This is the FAQ thread where the FAQ compilation project goes.
* If you wish to improve the contents, please copy the whole content,
fix it and then post it. When posting, please change the revision
number (increase by 1) in the subject line.
* If you want to comment, do it without changing the subject line.
* Do NOT add new question and answers here. Add here only after...
| |
by: Xah Lee |
last post by:
Microsoft Hatred, FAQ
Xah Lee, 20020518
Question: U.S. Judges are not morons, and quite a few others are
not morons. They find MS guilty, so it must be true.
Answer: so did the German population thought Jews are morons by
heritage, to the point that Jews should be exterminated from earth.
Apparently, the entire German population cannot be morons, they must be
|
by: James X. Li |
last post by:
Is there a way to implement multiple login forms for ASP.NET applications?
With our application we want to implement simple login form
for normal resources (downloadable files), but more rigorous login forms
for tasks like administration and configuration. The current ASP.NET seems
only to
allow to a single login form via the authentication element in web.config
in the root directory.
One work-around for our problem is implementing a...
|
by: Karel Kral |
last post by:
Hello,
I need to implement a login form before my application starts and the
main form shows.
Without Application framework (AF) is this simple. In Sub Main I create
and execute login form, then (if login is successful) show and start
main form. But how to implement this with Application framework enabled?
If AF is on, I must set application startup object to form.
--
______________________________________________________
|
by: Dr John Stockton |
last post by:
kelvlam <kelvlam@gmail.composted :
The newsgroup FAQ has not been posted here for some considerable while.
The latest version I know of is 8.1 - 2005-11-05
but I think the Web site serves 8.0 - 2004-03-15
We cannot expect new readers, especially those entering via Web pages,
to know of the FAQ without a regular posting of something with a
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |