[nycphp-talk] secure login/logon
csnyder
chsnyder at gmail.com
Mon Aug 6 15:22:10 EDT 2007
On 8/6/07, PaulCheung <paulcheung at tiscali.co.uk> wrote:
> I just need pointing in the right direction. Does anybody know where I
> should be looking for in information on secure login/logon (using PHP 5 and
> DOES NOT USE COOKIES) with coding examples?
Perhaps you are confused re: cookies. Session cookies (not stored
cookies!) are considered the best (most secure) way to handle
authentication from request to request. See PHP's session functions
for details and examples.
You should use HTTPS for login and for all subsequent requests to
avoid transmitting the session id in plaintext.
--
Chris Snyder
http://chxo.com/
More information about the talk
mailing list