Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder
    Join Date
    Dec 2002
    Posts
    109
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Question NOT NULLs and Nutter Butters

    Preface: Smart people, try not to make fun of me too much.

    That said, I'm developing a little online community site, and i need to use a cookie-based user management system ( server side sessions arent gunna cut it for what i have in mind )

    I know that cookies and 'security' dont exactly go hand-in-hand, but i also know a lot of you have had experience with them.

    any advice this forum could offer on the topic of user id cookies and security matters would be appreciated. A simple little block of code for after-form-post excecution wouldnt hurt either. Cookie expiration time updating on each and every page isnt an issue for me... i just need an 'on until logout requested' cookie.
    _---._
    \||/
    \||/
    \||/

  • #2
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,075
    Thanks
    11
    Thanked 98 Times in 96 Posts
    hate to be contrary but ...

    use sessions anyway, they are slightly more secure (sort of) , they will work regardless of whether the user has cookies disabled or not and will in fact use cookies if possible anyway.
    Also session data is instant, cookies require a page-refresh before they are set.

    Also session data is not stored in the clientside session cookie rather on the server, depending how secure your server is thats another security +.

    Whist sessions are registered until the user logs-out, you can extend the life of a session cookie if you wish to allow them to login automatically later.

    eitherway..
    I would suggest not storing passwords in cookies , if you do MD5() them at least.



    PS :: I know thats not the answer you were looking for
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)

  • #3
    Regular Coder
    Join Date
    Dec 2002
    Posts
    109
    Thanks
    0
    Thanked 0 Times in 0 Posts
    do i have to pass the session information in the header from one page to the next for every page to maintain a session? I believed this was the only way.

    I know it sounds funny but i need to get session information from the user in pages that wont be openned by the user, or any function on the page. The user will login at the main page and then another program will be openning pages from on the site... so it makes it impossible to control information passed through the header.

    if you made any sense out of that, you win a puppy.

    -Shecky

  • #4
    Senior Coder
    Join Date
    Jun 2002
    Location
    frankfurt, german banana republic
    Posts
    1,848
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I did not quite understand the part with the program that starts opening pages, but if you can't rely on information sent via HTTP headers, then are cookies not an option for you, as they are sent via the header information.

    With sessions you can retrieve the current session id with session_id() and later reinitialize a session with the same function (session_id()), only that now you pass a single parameter that contains the id of the session you want to get. But that requires passing or storing the session id somewhere, be it a file, database, shared memory... etc.

    Ok, you could store cookie information the same way and have a script read it out later in similar fashion. I think the answer depends on your specific setup, perhaps you provide us with a little bit more information.

  • #5
    Regular Coder
    Join Date
    Dec 2002
    Posts
    109
    Thanks
    0
    Thanked 0 Times in 0 Posts
    it planned to be a service tied into AOL instant messenger through the AIM-expressions (aim 5.0+) system. Content to appear in a regular browsers window and in the IM-side window.

    The IM side window is a IE 4.0+ window attached to the left of the IM window. When a user downloads my 'aim-expression' plugin, this IM side window automatically displays a specific page or image of my choosing (a standard generic url stored in the plug in data.)

    The page displayed in that IM side window would have to be able to recognize a logged in user and gather info, either from MySQL or via cookie, which pretains to a specific users preferences, which in turn effect the displayed content of this IM side window.

    What this means, basically, is that i need a way automatically have the users session be resumed once one of these IM-side windows pop up.

    I'm sure i lost just about everyone by now. If you made it this far you may as well take a victory lap.



    if someone is feelin all mother theresa'ish, i 'd love to chat with anyone willing to talk at some length about it. Its a pretty harsh initiation for my first php/mysql project... i just need i push-start i think. thanks all

    AIM: T3kNoSQuiD


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •