Re: [Cgi-session-user] Password (or lack of one) Storage Question
From: root <ro...@s1...> - 2006-08-16 22:42:39
On Tue, Aug 15, 2006 at 09:33:54AM -0400, Mark Stosberg wrote:
> I usually store the name/pass in a "users" table, and check them at
> login time, at which point "is_logged_in" gets added to the session.
>
> After that I simply check "is_logged_in".
>

I used the same method as Mark does; in addition, I set the value of "is_logged_in" to the PRIMARY KEY column of the user. This helps me not just ensure the user is authenticated, but also the ID of the user, which can be used to load his details, if need be (to greet him, maybe, but read on).

Although I like keeping sessions open for a longer time, to ensure the privacy of the users I set an expiration on the 'is_logged_in' session parameter, from 5 to 30 minutes (depending on the sensitivity of the profile data). This allows me to still be able to greet the users with their first name even after weeks (by storing the user's name in the session object), or display their recently viewed pages, or keep their shopping cart data, but force them to re-identify themselves when it comes to accessing their sensitive profile information.

Good luck.

Sherzod Ruzmetov
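
The pattern described in this message, as an added example that is not code from the original post or from the CGI::Session project: a long-lived session whose "is_logged_in" parameter holds the user's primary key and carries its own short expiry. The storage directory, both lifetimes, the "first_name" and "page" parameter names, and the helper names mark_logged_in and fresh_user_id are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use CGI::Session;

# Assumed values, not from the post: storage directory and both lifetimes.
my $SESSION_DIR = '/tmp/sessions';
my $SESSION_TTL = '+1M';     # whole session: keeps name, cart, viewed pages
my $LOGIN_TTL   = '+10m';    # is_logged_in only: inside the 5-30 minute range

# Hypothetical helper. The login handler calls it only after the name/password
# pair has been checked against the "users" table.
sub mark_logged_in {
    my ($session, $user_id, $first_name) = @_;
    $session->param('is_logged_in', $user_id);     # primary key doubles as the flag
    $session->param('first_name',   $first_name);  # outlives the login expiry
    $session->expire($SESSION_TTL);
    $session->expire('is_logged_in', $LOGIN_TTL);  # per-parameter expiry
    return;
}

# Hypothetical helper. Returns the user ID while the login is still fresh,
# undef once CGI::Session has dropped the expired parameter.
sub fresh_user_id {
    my ($session) = @_;
    my $id = $session->param('is_logged_in');
    return unless defined $id && $id =~ /\A\d+\z/;  # expect a numeric key
    return $id;
}

my $cgi     = CGI->new;
my $session = CGI::Session->new('driver:file', $cgi, { Directory => $SESSION_DIR })
    or die CGI::Session->errstr;

print $session->header(-type => 'text/plain');

# Non-sensitive data stays available for the life of the session.
my $name = $session->param('first_name');
print "Welcome back, $name\n" if defined $name;

# Sensitive pages require a login that has not expired.
if (($cgi->param('page') // '') eq 'profile') {
    if (defined(my $uid = fresh_user_id($session))) {
        print "Profile for user $uid\n";   # load details by primary key here
    } else {
        print "Please log in again to view your profile.\n";
    }
}
$session->flush;
```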