Hey all,
I have a password protected area, and after the user puts in their password, I store
it in a cookie, and the CGI reads that cookie every time to determine if the user is
logged in or not. I figured this was safer than passing a 'loggedin' param as a
hidden field, but I'm not sure if there is an industry standard way to do this. My
code is too long (300+ lines, and messy), so here's the outline/pseudocode:
    # try to snag the cookie
    $pw = get_cookie();
    # if the user is logging in for the first time, write the cookie
    if ($cgi->param("password")) {
        $pw = $cgi->param("password");
        write_cookie($pw);
    }
    # set a boolean if the password is correct
    $loggedIn = isCorrect($pw);
    unless ($loggedIn) {
        prompt_for_password();
    } elsif (
    ...rest of program
Is this secure? Is there a better way to do this?
Thanks,
Ryan
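The standard alternative to keeping the password itself in the cookie is to verify the password once and then hand back a signed session token (user name plus expiry, authenticated with a server-side secret), so the browser never holds the credential and a tampered or expired cookie is rejected. This is an added illustration, not code from the post, written in Python rather than Perl; the secret value and user names are constructed for the demo.

```python
import base64
import hashlib
import hmac

# Constructed demo key. In a real deployment load a long random key from
# configuration outside the web root; rotating it logs every session out.
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"


def _sign(payload: bytes, secret: bytes) -> str:
    """HMAC-SHA256 over the payload; only the server can produce it."""
    return hmac.new(secret, payload, hashlib.sha256).hexdigest()


def make_session_cookie(username: str, secret: bytes, now: int, ttl: int = 3600) -> str:
    """Issue a cookie value after the password has already been checked.

    The cookie carries the user name and an absolute expiry (Unix seconds),
    not the password. Emit it with the Secure and HttpOnly flags set.
    """
    payload = f"{username}|{now + ttl}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload, secret)


def verify_session_cookie(cookie: str, secret: bytes, now: int):
    """Return the user name if the cookie is authentic and unexpired, else None."""
    try:
        encoded, mac = cookie.split(".", 1)
        payload = base64.urlsafe_b64decode(encoded.encode())
    except (ValueError, TypeError):          # malformed cookie
        return None
    # Constant-time compare: a forged or edited payload fails here.
    if not hmac.compare_digest(_sign(payload, secret), mac):
        return None
    try:
        username, expiry = payload.decode().split("|", 1)
        if now >= int(expiry):               # expired session
            return None
    except ValueError:
        return None
    return username


if __name__ == "__main__":
    issued = 1_700_000_000                   # constructed clock value
    cookie = make_session_cookie("ryan", SERVER_SECRET, issued)
    print(verify_session_cookie(cookie, SERVER_SECRET, issued + 60))
```

The CGI then reads this cookie on every request instead of the password, and `isCorrect()` is only ever called against the submitted form field at login time.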