I usually use random numbers, and keys for things like this, for example: I have a users table in a database set up like this:
id integer auto increment primary key username varchar(32) password varchar(32) rand_key float this way I can set the users cookie with their id, and the random salt, witch you update and change in the database (and in the the cookie) every time a new page is output. The reason for this: I do not have to compromise the users information in a cookie, like the username and password, and if anyone sees the id and the random key, they will have been changed the next time the user hits the script again. Jordan Mclain On Mon, 2002-06-24 at 08:20, Niko Gunadi wrote: > Hi, > > I'm using a session for my login system. So the session will keep the > user's username and password. My question is if we able to retrieve the > session back (for another page), is it necessary to check the username and password >against > the database ? > > I do not want to have unnecessary functions to slow down but i also > don't want to compromise the security. > > Thanx in advance > > niko > > -- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
