At 12:05 PM 5/17/01 -0500, Troy Moreland wrote:
>I fully understand what you are saying. The problem is that I'm storing
>their password so that they don't have to re-enter it on each new page
>visited. If I can't decrypt it, then I can't pass that password for the
>user. How do I keep passing the password then w/o having to write it to the
>session. Is that the right way to do it??
What I do, is pass a cookie.
On the login page, I give them a cookie.
When they input a correct UN/PW, then I store the cookie.
When the go on to the user pages, I take the cookie, give them a new
cookie, and compare the old cookie to the DB cookie.
If it's a match, then I store the new cookie to the db.
The cookie is a 13 digit base 36 number, generated randomly.
--
Dave's Engineering Page: http://www.dvanhorn.org
Where's dave? http://www.findu.com/cgi-bin/find.cgi?kc6ete-9
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
