ATM Posted November 18, 2006 Share Posted November 18, 2006 ok I want to make a Login System, I can understand how you can create a system that will log the user in but I can't understand how to display different data on the same page, depending on who is logged in.For example if you hadhttp://www.yourdomain.com/user/index.php?I=475638&page=4and the user saw the information they was intended to see, what is stopping anyone from typing in that url and visiting th page, If I uses sessions whouldn't people be able to use there session to get to others?Thanks, Link to comment Share on other sites More sharing options...
justsomeguy Posted November 19, 2006 Share Posted November 19, 2006 You will want to store a user ID and password in the session and check it against the database on each page. The default expiration time for a session is 24 minutes, they are secure enough because the session ID is passed in a cookie. Other then having the traffic intercepted, this is secure enough because one client would not know what the session ID is for another client. You don't want to pass the user ID through the URL, just keep it in the session. People can type in any URL to visit a page, so don't have variables in the URL that you think should be privelaged. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now