-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm setting up a site using sessions right now, and I was just wondering if there is a way to ignore anything from the client side- I want them to POST a username and password, from there all data should be handled on the server.
I'm already using the query string to avoid cookies, but I want to make sure that if the user _does_ have cookies on, any change in the data will be ignored by the server. Any suggestions? Basically, I think it would be a lot more efficient for me to set a _SESSION['logged_in'] variable once than query the database for every page, but I don't know if it would be secure or not- I don't want someone setting the logged_in variable in their cookie, then getting full access to the site... Thanks, Evan - -- If you would be a real seeker after truth, you must at least once in your life doubt, as far as possible, all things. - -Rene Descartes -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE95S1W/rncFku1MdIRAqdUAJ478Q5xFn7vDDE7RFXUI1aQnaZWBACgmN55 VNdAnVIliDD6eNwRm3R2SMQ= =61VE -----END PGP SIGNATURE----- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
