Hyaku_ Posted January 3, 2007 Share Posted January 3, 2007 Hi!I read fiew tutorials about User Authentication, but I still need some times for improving security. This is how far I got:If login is successfull create new session, each time user sends a new request, generate new session id. When user logins save he's IP and User Agent in session (or should I better save it in a database?)Then I will check if IP or User Agent changes, log user off. Is it posible if user uses proxy server, that IP could change on every new request or is it ok to check by IP?All this information I will saved in user class. Any tips how should I improve this? is this cheme ok? Thank you! Link to comment https://forums.phpfreaks.com/topic/32753-safe-user-authentication/ Share on other sites More sharing options...
trq Posted January 3, 2007 Share Posted January 3, 2007 A users ip can change at any time, Ive allways found sessions to be secure enough for a general website. Link to comment https://forums.phpfreaks.com/topic/32753-safe-user-authentication/#findComment-152461 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.