Jump to content

reauthenticate user


samona

Recommended Posts

Create another form with separate SESSION variable, and populate the Username field (if there is one) with the Username set from the original form. So all they need to do is re-type in their password. That's what most sites do when you go in to edit account settings. And then you can kill the second session when they log-out of the admin panel, but they stay logged in to general area.

Link to comment
Share on other sites

I dont understand very well your problem. Just check if the user in the sesion is admin or not and do that, no?

 

You have a bit of a security hole by doing that... If the actual user steps away from their computer, and somebody else comes along, they can click into the admin panel then without need to validate they are indeed that person.

Link to comment
Share on other sites

I dont understand very well your problem. Just check if the user in the sesion is admin or not and do that, no?

 

You have a bit of a security hole by doing that... If the actual user steps away from their computer, and somebody else comes along, they can click into the admin panel then without need to validate they are indeed that person.

 

How? You are talking about a real person using the same PC after the admin?

 

If not, i dont understand why.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.