> I am interested in logging people in against a MySQL database, and then > storing temporary session data about them that would include anonymity > stats, permissions, and variable tracking from page to page in a MySQL > Database. (As opposed to insecure POST/GET/Cookie methods). I'm a trifle confused... Exactly how do you know that the person is the same person *withou* using one of POST/GET/Cookie? Since the database lives on the server, and the client only talks to it through HTTP, and HTTP is stateless, I'm not understanding what you're even trying to describe.. > I have seen this before and the implementation I saw was relatively > straight forward (The book "Core PHP Programming," [Orange Book of PHP] > basically explains the method I saw. Is anyone out there using something > drastically different? > > To the experienced: > How do you authenticate and track people through your site? Depends on the site, depends on how badly I need the data to be accurate and how likely I think that somebody will try to abuse it. There is no one answer to this. > Do you foresee flaws (possible flaws) in your system? Yes. > Does a perfect system exist? No. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
