[nycphp-talk] secure login/logon
PaulCheung
paulcheung at tiscali.co.uk
Tue Aug 7 03:31:44 EDT 2007
Thanks Chris
I had confused session cookies and stored cookies
Paul
----- Original Message -----
From: "csnyder" <chsnyder at gmail.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Monday, August 06, 2007 8:22 PM
Subject: Re: [nycphp-talk] secure login/logon
> On 8/6/07, PaulCheung <paulcheung at tiscali.co.uk> wrote:
>> I just need pointing in the right direction. Does anybody know where I
>> should be looking for in information on secure login/logon (using PHP 5
>> and
>> DOES NOT USE COOKIES) with coding examples?
>
> Perhaps you are confused re: cookies. Session cookies (not stored
> cookies!) are considered the best (most secure) way to handle
> authentication from request to request. See PHP's session functions
> for details and examples.
>
> You should use HTTPS for login and for all subsequent requests to
> avoid transmitting the session id in plaintext.
>
> --
> Chris Snyder
> http://chxo.com/
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
More information about the talk
mailing list