Jump to content

Login System Help


ATM
 Share

Recommended Posts

ok I want to make a Login System, I can understand how you can create a system that will log the user in but I can't understand how to display different data on the same page, depending on who is logged in.For example if you hadhttp://www.yourdomain.com/user/index.php?I=475638&page=4and the user saw the information they was intended to see, what is stopping anyone from typing in that url and visiting th page, If I uses sessions whouldn't people be able to use there session to get to others?Thanks,

Link to comment
Share on other sites

You will want to store a user ID and password in the session and check it against the database on each page. The default expiration time for a session is 24 minutes, they are secure enough because the session ID is passed in a cookie. Other then having the traffic intercepted, this is secure enough because one client would not know what the session ID is for another client. You don't want to pass the user ID through the URL, just keep it in the session. People can type in any URL to visit a page, so don't have variables in the URL that you think should be privelaged.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...