Old 12-24-2009, 08:13 PM   #5 (permalink)
Village Idiot

When validating users, use their unique database ID and a login key that you generate at login. This is how the login I wrote for a band worked.

1. User enters email and password
2. If they match, the script generates a login key (3/IGW4/?#6HW4 for example) and puts that and the user's ID in separate cookies. It also inserts these rows into the login table with the time.
3. Future pages validate based off of those two pieces of information in the login table.
4. After a certain amount of time of inactivity (we monitored every move made on the site) or if another login takes place, the information is deactivated and kept for records.

This allowed us to see when users logged in and to log them out if we wanted to. It also provided security since the keys expired after a few minutes of inactivity, so having the login cookies would only work for a short time.
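The four steps in the post above, sketched as an added example (not the poster's code). The in-memory SQLite table, its column names and the 300-second `IDLE_TIMEOUT` are assumptions; it also goes one step beyond the post by storing only a SHA-256 digest of the login key, so a leaked login table does not hand out live keys.

```python
import hashlib, hmac, secrets, sqlite3

IDLE_TIMEOUT = 300  # seconds; assumed, the post only says "a few minutes"

def open_db():
    """Create the login table (hypothetical schema) in memory."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE login (user_id INTEGER, key_hash TEXT, "
               "created REAL, last_seen REAL, active INTEGER)")
    return db

def key_digest(key):
    return hashlib.sha256(key.encode()).hexdigest()

def start_session(db, user_id, now):
    """Step 2: call only after email and password matched.
    Returns the login key to set in a cookie beside the user ID."""
    # Step 4: another login deactivates older rows but keeps them as records.
    db.execute("UPDATE login SET active = 0 WHERE user_id = ?", (user_id,))
    key = secrets.token_urlsafe(32)  # from the OS CSPRNG, not rand()/time
    db.execute("INSERT INTO login VALUES (?, ?, ?, ?, 1)",
               (user_id, key_digest(key), now, now))
    return key

def validate(db, user_id, key, now):
    """Step 3: check both cookie values against the active login row."""
    row = db.execute("SELECT rowid, key_hash, last_seen FROM login "
                     "WHERE user_id = ? AND active = 1", (user_id,)).fetchone()
    if row is None:
        return False
    rowid, key_hash, last_seen = row
    # Constant-time comparison avoids leaking how much of the key matched.
    if not hmac.compare_digest(key_hash, key_digest(key)):
        return False
    if now - last_seen > IDLE_TIMEOUT:
        # Step 4: idle too long, so deactivate the row but keep it.
        db.execute("UPDATE login SET active = 0 WHERE rowid = ?", (rowid,))
        return False
    # Activity slides the inactivity window forward.
    db.execute("UPDATE login SET last_seen = ? WHERE rowid = ?", (now, rowid))
    return True

def history(db, user_id):
    """Login records kept for auditing, oldest first."""
    return db.execute("SELECT created, active FROM login WHERE user_id = ? "
                      "ORDER BY created", (user_id,)).fetchall()
```

In a real deployment both cookies would also be set with the `Secure` and `HttpOnly` attributes so the key is not sent over plain HTTP or readable from page scripts.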