What is the best method for managing my users? I don't think storing the username and password in cookies is secure, so I am trying to avoid that. My idea is storing the session ID in a cookie, and in a table along with the username. I just don't understand how I should go about doing this. So my question really is: what is the best way of keeping users logged in without storing the username and pass in cookies?
Thanks for that link, Mandibal. Maybe I should try the method that forums like vBulletin use. So I ask, what is that method? I hope it's not storing the user's account info in a cookie.
I haven't dissected the vBulletin method, but I'd assume that they don't store sensitive information like a password in a cookie. I think the big thing I took from Harry's article, and I assume that this might be somewhat standard, is that even after a user initially logs in you act paranoid later. By this I mean if the user logs in and then goes and wants to change a password or something, you make them supply the original password again so you can check it against the db. Also, don't store a password in clear text if you don't have to. Encode it at least with md5.
It seems there are questions about security here and there. I can sympathize with the confusion. There is a great article called "The Truth About Sessions" that can be found in this free d/l digital version of the mag: