|
it
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Cookie and Db User Authentication
This is a question that has probably been answered before on the
newsgroup but probably in fragments. This is what I would like to do, and I only have a very vague idea where to find the answer. Directions would be useful. 1. Users arrive at the site. If they are registered they log in. If not they sign up for registration. 2. The authentication information such as username and password are held in a db, for security reasons the password should not be passed in plain text. 3. When the user is logged in the session information should be held in a cookie so that if the user returns in a short period of time they will automatically be logged in. The cookie will also be used to personalise certain parts of the site. thanks in advance another thing to add is that running under SSL can solve the password form
passing issues www.aspprotect.com has a free version that is worth checking out.. then you can see how things like this work www.aspin.com and www.codewanker.com are also full of links to authentication examples <webmas***@webteq.net> wrote in message Show quote news:1134078253.699983.91110@z14g2000cwz.googlegroups.com... > This is a question that has probably been answered before on the > newsgroup but probably in fragments. This is what I would like to do, > and I only have a very vague idea where to find the answer. Directions > would be useful. > > 1. Users arrive at the site. If they are registered they log in. If not > they sign up for registration. > > 2. The authentication information such as username and password are > held in a db, for security reasons the password should not be passed in > plain text. > > 3. When the user is logged in the session information should be held in > a cookie so that if the user returns in a short period of time they > will automatically be logged in. The cookie will also be used to > personalise certain parts of the site. > > thanks in advance > Larry,
Thanks for your very quick response. The first of your suggestions seems the perfect solution to my needs. Thanks again And for #3 you could store in the cookie a uniqueidentifier that changes
regularly so that you don't compromise the password client side... -- Show quotePatrice <webmas***@webteq.net> a écrit dans le message de news:1134120437.937213.262600@g43g2000cwa.googlegroups.com... > Larry, > > Thanks for your very quick response. The first of your suggestions > seems the perfect solution to my needs. > > Thanks again >  |
|||||||||||||||||||||||
Other interesting topics