Login Page Cookies

[mooseychops]

Hi Guys,

 

Having a bit of a security problem with my login page which is driving me nuts.

It looks like that users can bypass my login page and access other pages by simply navigating to them or keeping the url in thier favourites..!!

 

what is the best way to tackle this problem?

 

I have had a quick look and saw that there might be a way to do something with cookies to assign a cookie ID to each user who logs in to the system..

 

any ideas or hints towards putting me on the right track would be very much appreciated.

 

thanks!

[redarrow]

use a database, then secure there info , then pull it out for security checks then let them in,also add a capture code to prevent database injections

[PFMaBiSmAd]

Each protected page must have php code on it to check if the current visitor can access that page.

 

How does your login code 'remember' who the current visitor is after he/she has authenticated themselves and what's your code on each page to check and limit access to protected pages?

[xyph]

PHP sessions are probably the easiest solution, assuming you apply PFMaBiSmAd's advice above.

[SalientAnimal]

You could also set a session duration which would terminate their current session if they are inactive for a given period of time.