Member area security...?

adamsoderqvist · Jul 10, 2002

Hi everyone,

In my project I'm working on, I have a login area for members. I use the technique with checking if username and password exists in a DB, and then saving the username in a session variable. The session variable is then used by each singe page to make sure that the user "took the right way in" (i.e.: is the Session("UserName&quot

-variable empty or not...). If the user went right in - he or she will be bounced out again.

Now, this is a sort of security system that will keep out the amatures - but those who choose to spend a little time with it will definately enter!

What could be done in this matter?

snowboardr · Jul 10, 2002

Cookies could be used as an option to the user who will spend more time.

fatstu · Jul 10, 2002

Agreed, cookies are the simple to create and you can also have include a few lines of code in each page to check it is present and throw out users if it isnt.

fillup07 · Jul 10, 2002

Is using Sessions to check whether or not someone is logged in insecure? -Phil
fillup07@hotmail.com

adamsoderqvist · Jul 10, 2002

Well, I'm not that much of a server-knowledge-person, so I assumed that since session var´s are a bit "on the fly", they can be manipulated with...

The problem with cookies is that they are required to be "on" for them to use... of course you could have a check for this, but still: it requires something extra from the user!

Thanx everyone!

snowboardr · Jul 10, 2002

Sessions are secure, and I hanv't seen anyway of being able to manipulate them, unless you have access to the server.

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Member area security...?

adamsoderqvist

Programmer

snowboardr

Programmer

fatstu

Technical User

fillup07

Vendor

adamsoderqvist

Programmer

snowboardr

Programmer

Similar threads

Part and Inventory Search

Sponsor