SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Member
    Join Date
    Jun 2007
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Very simple authentification system

    http://penso.info/auth_generator

    Something that doesn't require db calls / server-side sessions...

    I just don't quite understand how it works, why you can't edit the cookie and fake somebody else

  2. #2
    SitePoint Evangelist AlienDev's Avatar
    Join Date
    Feb 2007
    Location
    UK
    Posts
    591
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You have to use a DB and sessions to do it. (sessions are NEEDED but 99% of the time are easier)

    If only the user id and a string of random characters are stored in the session then that can be compared to the db to check the user is really the right person. if the random characters in the session dont match the random characters in the DB then they are trying to spoof someone else.
    Me on StackOverflow | Blog & personal website.

    I mostly use: PHP, Java, JavaScript, Android.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •