Forums

PHP

This topic is locked

HELP!! trying authentication without cookies.

Posted 09 Dec 2001 23:35:17
1
has voted
09 Dec 2001 23:35:17 Michael Davis posted:
I'm trying to implment PHP/MySql autentication without cookies. (I'm using Impkt). It works just fine, but when I disable cookies in my browser, I am sent to my access denined page. Am I correct to be trying something like:
$KT_redirectLoginSuccess="yourIn.php?PHPSESSID=$PHPSESSID";

Thanks for any response.

Replies

Replied 13 Dec 2001 10:32:08
13 Dec 2001 10:32:08 Tim Green replied:
No you're note.

PHP is extrememly efficient with Sessions in that it will automatically send the SID (not $PHPSESSID) constant via the URL if cookies are turned off. This is the default action, and *should* happen automatically when cookies are turned off.

You are, however, going to always run into problems when you try to authenticate without cookies in this way, as values will always have to be sent via the URL GET Parameters. This will leave all passwords and usernames etc available to whoever looks through your visitor's history (as all URL's are stored).

In other words, you should only do this if security doesn't matter. However, I would say, that if security doesn't matter, then you shouldn't even bother using authentication as it is a waste of time.

Tim Green

Extension & PHP TalkZone Manager
<font size=1>-------------------------------------------
<i>Please read the Forum FAQ before posting
a question to this TalkZone.</i>
-------------------------------------------
www.UDzone.com : A dynamic Dreamweaver,
Ultradev and Fireworks site for developers
by developers.
-------------------------------------------</font id=size1>

Reply to this topic