mkosmosports Posted June 14, 2007 Share Posted June 14, 2007 Hey, I have finished creating a solid medium-level security user login/validation script except it relies on cookies, and after reading up a little, I dont want to rely solely on them. So, Ive thought of the following idea of a login/validation without using cookies... When user logs in: 1. Username and password (hashed) fields are checked in a select query for their match. 2. If existent, the username is hashed and entered in another column called "loggedin_token" (or something like that) 3. A session variable saying user is logged in and containing loggedin_token is set. Now to validate: 1. Query selecting the username where loggedin_token in session variable is the same as loggedin_token in mysql row. 2. If query has a resulting row, user is valid, if not theyre not. The logged_in token will always be unique because the username is unique. Does this make sense? Thanks for your time.. Link to comment https://forums.phpfreaks.com/topic/55651-user-validation-script-without-cookies/ Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.