> * and then Miguel Cruz declared.... > > So decide how much hassle it's worth making it (both for yourself and for > > your users) and run with it. My feeling would be that a cookie + email > > token is enough for anything but high-security or money-based operations; > > after those measures the amount of hassle rises steeply. > > I agree entirely. I've never worked on a user login thingy before so > just wondered if I'd missed anything. > > The user id is stored in a cookie and the email, pass, etc is stored in > a db. The only trouble now is what if 2 users share the same computer? > Should I provide a 'login as different user'? That seems to invite > abuse. > > The alternative is to not bother as the likehood of 2 people sharing a > computer both wanting accounts on my site is minimal: It's good, but not > /that/ good!
I wouldn't worry about it. If two people share the same computer well then they are out of luck.. working around this increases everyone's "hassle" factor... and if the lack of one vote throws your survey off that much then you don't have a large enough sample anyway :) -philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
