[nycphp-talk] secure login/logon
chsnyder at gmail.com
Mon Aug 6 15:22:10 EDT 2007
On 8/6/07, PaulCheung <paulcheung at tiscali.co.uk> wrote:
> I just need pointing in the right direction. Does anybody know where I
> should be looking for in information on secure login/logon (using PHP 5 and
Perhaps you are confused re: cookies. Session cookies (not stored
cookies!) are considered the best (most secure) way to handle
authentication from request to request. See PHP's session functions
for details and examples.
You should use HTTPS for login and for all subsequent requests to
avoid transmitting the session id in plaintext.
More information about the talk