[nycphp-talk] secure login/logon

csnyder chsnyder at
Mon Aug 6 15:22:10 EDT 2007

On 8/6/07, PaulCheung <paulcheung at> wrote:
> I just need pointing in the right direction. Does anybody know where I
> should be looking for in information on secure login/logon (using PHP 5 and
> DOES NOT USE COOKIES) with coding examples?

Perhaps you are confused re: cookies. Session cookies (not stored
cookies!) are considered the best (most secure) way to handle
authentication from request to request. See PHP's session functions
for details and examples.

You should use HTTPS for login and for all subsequent requests to
avoid transmitting the session id in plaintext.

Chris Snyder

More information about the talk mailing list