Writing paranoia secure login class with option
Posted 10 May 2006 - 06:13 PM
Posted 10 May 2006 - 08:29 PM
Posted 10 May 2006 - 08:54 PM
Red, could you be more clear? Do you mean that you want to store in a user session everyone's information? More likely, you mean you want to store everyone's information in a database and store a user's specific information in a session/cookie. But out of curiousity why do you want it to be "so secure"? I don't think adding more to a session will make things any more secure, and some things, such as IP address, will just make more trouble for yourself. Most likely, just the user id will be enough and you can query the database to confirm the user and his information at the beginning of each page if you are worried.
As i said it's paranoia :-). I just want to store unique code both in session and in cookies and compare it with value that stored in db. Or i should not use cookie at all for current use info?
Posted 10 May 2006 - 09:12 PM
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users