Re: [PHP] Cookies, Sessions and Login Proceess

Mon, 12 Nov 2001 09:23:35 -0800 

Just do your authentication before you send any HTML (including any
whitespace).  I actually recommend not sending ANY HTML from your
authentication script.  Authenticate them, set your cookie, and redirect
the visitor to an appropriate next page, based on whether or not they've
successfully authenticated.

BTW - storing the username/password in the cookie makes no sense They've
already authenticated ... just store a user-is-logged-in cookie which
expires after X minutes/hours/etc.  It's a good practice for when you'll
have to deal with privacy & security concerns.

        ~Chris                           /"\
                                         \ /     September 11, 2001
                                          X      We Are All New Yorkers
                                         / \     rm -rf /bin/laden

On Mon, 12 Nov 2001, Joe Van Meer wrote:

> Hi there, I'm new to php coming from an asp background and would like to
> know the easiest way to automate a login process. I have one page called
> 'index.php' and it contains a form with 2 elements, username and password.
> This page is posted to th 'login.php' and here I do a check against the
> database to see if the person is who they say they are. This where I came
> across a problem...I would like to set a cookie on the user's machine once I
> know they are who they say they are. So I attempted to create a cookie to
> hold their username and password upon successful login..I received the
> following error...Warning: Cannot add header information - headers already
> sent by (output started at E:\ez\codesnipits\login.php:16) in
> E:\ez\codesnipits\login.php on line 66.
>
> So I looked up in the manual and found that I can't do it this way. I can't
> send header info after the header has been sent for obvious reasons. So how
> the heck do I manage to do this?  What I would to do is have the user login
> once, and each subsequent time they visit , skip the login process via their
> username and password in the cookie.
>
> Any insight to this type of process would greatly be appreciated.
>
> Thx Joe
> p.s  Sorry about the bold font ;)
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to