Hi Quincy Session variables are stored on the server, not on the client, so there is no additional risk, if you don't send usernames and passwords back to the client with your script. But usually you don't need to store username/password because you don't need them in the scripts. You just store a variable which confirms that the user already has authenticated (p.e. $sess_auth=true;) which you can check in your scripts, and, if you need, the userID.
Maybe you have a look at some ready-to-use auth solutions written in PHP. Look at http://www.zend.com/codex.php?CID=341. Christoph "Quincy" <[EMAIL PROTECTED]> schrieb im Newsbeitrag [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... | I want to design a web application using php ,that allows the user to sign | in once into the mysql database and then over the course of several pages to | perform several queries on the database using their name and password. | | My question is how can I do this without asking the user to enter his name | and password on every page so that a query can be performed on the | database.My initial thoughts was to store the user name and password as | session variables when the person initial signs in. My concern is if this | safe enough as someone else may be able to access the session variables and | get the user name and password. | | Can anyone offer any suggestions on the safest way of accessing a mysql | database over several pages using the same user name and password without | asking the user to give this information on every page which needs to run a | query on the database. | | | | -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
