Van wrote:
>
> Well, I've gotten through the authentication mechanics, and, although
> Monty and several others posted some simple but useful techniques to
> create user authentication for a Web-Enabled time sheet application, I
> decided to create a separate database and table for the users, for
> several reasons. Most important was to keep the mysql user tables out
> of harm's way.
> Problem I'm having is variables getting set but, not staying alive after
> authentication is successful. This may be a little off topic, but, if
> anyone knows a way to keep user-defined variables alive while going from
> page to page, I could sure use a tip. If anyone's interested, I could
> send source code for the authentication scheme.
> Regards,
> Van
> --
Does PHP have support for cookies? If not, or if you do not want cookie
warnings to be seen by the cookie-paranoid, just use a hidden input in
the form. If you want to be really "bullet-proof" (well, nothing is
really bullet-proof) secure, you should not trust the value of the
cookie/hidden input but always authenticate it against some
authentication schema.
--
Sasha Pachev
http://www.sashanet.com
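
One way to apply the advice above about not trusting the cookie or hidden-input value, as an added example that is not code from the thread: the server signs the user name and an expiry with an HMAC and re-checks that signature on every page. The function names, the `SECRET` constant and the sample values are assumptions made for illustration.

```php
<?php
// Added example: constructed key and user names, not from the original thread.
// Assumption: SECRET is a random server-side key stored outside the web root.
const SECRET = 'replace-with-random-server-side-key';

// Build the value to place in the cookie or hidden input: "user|expiry|mac".
function issue_token(string $user, int $ttl, int $now): string
{
    // rawurlencode() guarantees the user name cannot contain the '|' separator.
    $payload = rawurlencode($user) . '|' . ($now + $ttl);
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET);
}

// Return the user name if the token is authentic and unexpired, otherwise null.
function verify_token(string $token, int $now): ?string
{
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return null;                         // malformed value from the client
    }
    [$user, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expiry, SECRET);
    if (!hash_equals($expected, $mac)) {     // constant-time comparison
        return null;                         // value was altered or forged
    }
    if (!ctype_digit($expiry) || (int)$expiry < $now) {
        return null;                         // signature valid but token expired
    }
    return rawurldecode($user);
}

$now   = 1000000000;                         // constructed timestamp
$token = issue_token('van', 3600, $now);     // issued after a successful login

// Genuine token presented one minute later.
var_dump(verify_token($token, $now + 60));

// Client edits the user name inside the cookie or hidden field.
$tampered = str_replace('van', 'monty', $token);
var_dump(verify_token($tampered, $now + 60));

// Genuine token presented after its expiry.
var_dump(verify_token($token, $now + 7200));
```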