ItsMeOnly
12-06-2006, 04:18 PM
Can anyone recommend, or suggest a way of writing, a "framework" for user authentication? I know the basics, though I'm not really familiar with session management.
The part I know is the way of storing and getting user authentication (both DB- MySQL based, or, in this case most likely, file based); however, I've never written a working engine that would keep the user logged in. I know that I can store a cookie with login time and IP, and session name client-side, and refresh it with each subsequent request the user makes, unless the cookie expires before. But how to get/store the session name server-side? Never done that before... and the above suggested method IMO seems vulnerable to session hijacking.
Any thoughts/suggestions on how that could be done well, and in a simple way?
Rambo
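One way to keep the session server-side in files, as an added example that is not part of the original post: the cookie carries only a random, unguessable ID, while the username, login time and last-seen time live in a file on the server, where the idle timeout is enforced. The post names no language, so Python is an assumption here, and `FileSessionStore` and `IDLE_TIMEOUT` are hypothetical names.

```python
import hashlib, json, os, secrets, time

IDLE_TIMEOUT = 1800  # seconds of inactivity before a session dies (assumed value)

class FileSessionStore:
    """Hypothetical file-based session store: one JSON file per session."""

    def __init__(self, directory):
        self.directory = directory
        os.makedirs(directory, mode=0o700, exist_ok=True)

    def _path(self, session_id):
        # The file name is a hash of the ID, so cookie text never becomes a
        # path and a leaked directory listing does not reveal usable IDs.
        digest = hashlib.sha256(session_id.encode("utf-8")).hexdigest()
        return os.path.join(self.directory, digest + ".json")

    def create(self, username, now=None):
        now = time.time() if now is None else now
        session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        record = {"user": username, "login_time": now, "last_seen": now}
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
        with os.fdopen(os.open(self._path(session_id), flags, 0o600), "w") as fh:
            json.dump(record, fh)
        return session_id  # the only value that goes into the cookie

    def lookup(self, session_id, now=None):
        """Return the username for a live session, else None."""
        now = time.time() if now is None else now
        path = self._path(session_id)
        try:
            with open(path) as fh:
                record = json.load(fh)
            last_seen = record["last_seen"]
        except (OSError, ValueError, KeyError, TypeError):
            return None  # unknown, forged or corrupted ID
        if now - last_seen > IDLE_TIMEOUT:
            self.destroy(session_id)  # expiry is enforced here, not by the cookie
            return None
        record["last_seen"] = now  # refresh on every request
        with open(path + ".tmp", "w") as fh:
            json.dump(record, fh)
        os.replace(path + ".tmp", path)  # atomic swap, no half-written file
        return record["user"]

    def destroy(self, session_id):
        try:
            os.remove(self._path(session_id))
        except FileNotFoundError:
            pass
```

Call `create()` after a successful password check, `lookup()` on every request with the cookie value, and `destroy()` on logout; sending the cookie only over HTTPS with the `Secure` and `HttpOnly` attributes limits where the ID can be captured.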