David and Davy, My two bobs worth - I like to use sessions myself usually, I suppose because it means my scripts are controlling access rather than the server or the operating system. With sessons you can store all sorts of variables such as exactly what the user can do in a list of tasks rather than just "will we let him in or not". The user submits a form with his username and password, I look them up in a database, and if I find him I grab a "task list" of things he is allowed to do on the site (could be different for every user) and store them in a session. Everytime he tries to go somewhere on the site the script first checks if that task is in his list - furthermore, you can kick him off if he has overstayed or there has been no action for a period of time - also gives you the opportunity to log or time his total activity on the site.
I wrap each script in a small "include" routine which does all this so its no big deal in terms of coding effort or extra overhead. You might like to go this road rather than the simpler but more restrictive HTTP auth. way. Cheers CD ----- Original Message ----- From: "Davy Obdam" <[EMAIL PROTECTED]> To: "'David P Lenk'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Friday, October 18, 2002 3:12 AM Subject: [PHP-WIN] RE: [PHP] Re: Need help with HTTP-Authentication > Hi David,. > > > Http authentication is probly not what you would want to > > use. Especially if you want to program in timeouts, you > > would be better off using session based login variables. > > Cookies are even better with an encrypted pasword that has a > > windows of time that you have to goto other pages to renew. > > > > Why HTTP auth? > > > > Is it mandatory? > > Well its not mandatory i gues. I just thought that using > HTTP-Authentication was one of the more secure ways of a login system? > But i have heared not thats not the case, so i might go for a login > system with sessions instead, or cookies. What would u use and why? What > excactly do u mean with timeouts? > > > I know this hasnt been any help, sorry! > > Thats okay;-) Keeps the discusion alive;-) > > Best regards, > > Davy Obdam, > mailto:info@;davyobdam.com > > > > -- > PHP Windows Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
