On 4/9/07, Martin Marques <martin@bugs.unl.edu.ar> wrote:
Tijnema ! escribió:
> On 4/9/07, Martin Marques <martin@bugs.unl.edu.ar> wrote:
>>
>> Yes:
>>
>> Don't use transparent session id, or even better, save the
>> authentication in a cookie on the client (seperated from the session
>> array).
>
> And then the user would crack the cookie ....
> I know they are encrypted, but trust me, cookies can be edited.
So what? The user authenticated himself, so what is he gonna crack?
Yes, but i guess you're not only storing if the user has
authenticated, also storing a username?
And if that's not the case, then you could authenticate by creating a
cookie where it says authenticated = yes, and you're authenticated...
Tijnema
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
