[nycphp-talk] secure login/logon

PaulCheung paulcheung at
Tue Aug 7 03:31:44 EDT 2007

Thanks Chris

I had confused session cookies and stored cookies


----- Original Message ----- 
From: "csnyder" <chsnyder at>
To: "NYPHP Talk" <talk at>
Sent: Monday, August 06, 2007 8:22 PM
Subject: Re: [nycphp-talk] secure login/logon

> On 8/6/07, PaulCheung <paulcheung at> wrote:
>> I just need pointing in the right direction. Does anybody know where I
>> should be looking for in information on secure login/logon (using PHP 5 
>> and
>> DOES NOT USE COOKIES) with coding examples?
> Perhaps you are confused re: cookies. Session cookies (not stored
> cookies!) are considered the best (most secure) way to handle
> authentication from request to request. See PHP's session functions
> for details and examples.
> You should use HTTPS for login and for all subsequent requests to
> avoid transmitting the session id in plaintext.
> -- 
> Chris Snyder
> _______________________________________________
> New York PHP Community Talk Mailing List
> NYPHPCon 2006 Presentations Online
> Show Your Participation in New York PHP

More information about the talk mailing list