Click here to get back home

So what happens after creating the login mechanism?
 HomeNewsGroups | Search | About
Login Password
Register Now!
 comp.lang.php    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
So what happens after creating the login mechanism? pek 06-25-2008
Posted by pek on June 25, 2008, 8:52 am
Please log in for more thread options
 I have read a lot of tutorials on how to create a login mechanism (a
lot of which I found really useful). None of them however explain how
do you check if the user is or is not in fact logged in.

What is your implementation? What do you believe is a good practice
and what is not? Do you provide both sessions and cookies for temporal
and long-term logins..?

Posted by C. (http://symcbean.blogspot.c on June 26, 2008, 8:42 am
Please log in for more thread options
> I have read a lot of tutorials on how to create a login mechanism (a
> lot of which I found really useful). None of them however explain how
> do you check if the user is or is not in fact logged in.
>
> What is your implementation? What do you believe is a good practice
> and what is not? Do you provide both sessions and cookies for temporal
> and long-term logins..?

You're confusing authentication and session management. If you try to
make them the same thing, and you allow users to login without
expiring for a long period of time you will have to maintain the user
session for that time - which is not going to scale well nor allow for
change management.

By all means allow your website to 'remember me' - but implement this
seperately from the session handling.

Then do authentication for any users who does not have a valid
session, if the user is authenticated, create a session or flag the
session as valid.

C.


Posted by Peter H. Coffin on June 27, 2008, 9:54 am
Please log in for more thread options
On Wed, 25 Jun 2008 14:38:15 -0700 (PDT), pek wrote:
> Yes, I kinda know all this. My question was what is your actual code
> that looks if a user is logged in or not?
> Is it something likes this:
>
> if ( isset($_SESSION['user'])) {
> // he is logged in
> } else {
> // redirect to login
> }
>
> Or is it more advanced?

That's usually sufficient for casual "logged in" checking. I'd work
harder for financial information, but for a "is this user allowed to
comment on these pictures" kind of thing? It's probably all you need.

--
With a Dremel tool and a cut-off wheel, _everything_ takes a flat-blade
screwdriver.
                         -- Matt Roberds in the Monastery

Similar ThreadsPosted
Payment mechanism on my website January 23, 2008, 1:49 pm
What mechanism may be used in PHP that will act as #define and #ifndef March 29, 2008, 8:14 pm
Voting mechanism (think digg) without registration October 31, 2006, 2:25 pm
Login lgout and login without closing session gives redirection error June 15, 2005, 5:54 pm
how to create 'remember login' functionality during login October 30, 2007, 5:24 am
Authorization code for access to administration - Dialog ask for login and password three times then the authorization failed although I entered correct pw and login April 29, 2007, 10:38 am
Creating a web forum December 17, 2004, 12:47 pm
creating subdomains using php January 11, 2005, 11:47 pm
Creating a .ico file with php, is it possible? February 4, 2005, 9:04 am
creating subdomains using php June 1, 2005, 1:43 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap