Wil,
Back to your original point. I would recommend not storing any login information in client cookies. What I do is the following:
1) Create a client cookie upon successfully logging in. The cookie contains the following info:
a) Domain
b) UserID (not username or password)
c) Expiration info (3 hours)
2) When the user logs in successfully (which is a simple check of the User table by username and password), the Session table is propagated with the following info:
a) SessionID (randomized)
b) UserID (from the Users table)
c) Date and Time Created
3) Then in each script, there is a sub call to the "authentication" subroutine in one of the Module files, which checks the UserID in the cookie file against the UserID in the session table.
The above logic is a combination of what GT Links SQL (v.1.X) offers and also from jerrysu who wrote a code hack for modify.cgi a while back for Links SQL v.1.13. I modified his code hack to only store the UserID rather than Username that he used in his code hack.
========================================
Buh Bye!
Cheers,
Me
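
The three steps in the post above, as a Python and SQLite sketch added here as an example; it is not the poster's code or Links SQL code. It assumes a cookie named `sid`, and it varies the scheme in one respect: the cookie carries the randomized SessionID and the UserID is looked up server-side, because a UserID is a guessable value and the session lifetime has to be enforced from the table rather than from the cookie.

```python
import secrets
import sqlite3
import time
from http.cookies import SimpleCookie

SESSION_TTL = 3 * 60 * 60  # 3 hours, the cookie lifetime given in the post

db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE Session (SessionID TEXT PRIMARY KEY, "
           "UserID INTEGER NOT NULL, Created INTEGER NOT NULL)")


def login(user_id, now=None):
    """Call after the username/password check passes. Returns a Set-Cookie value."""
    now = int(time.time()) if now is None else now
    session_id = secrets.token_urlsafe(32)  # randomized SessionID from a CSPRNG
    db.execute("INSERT INTO Session VALUES (?, ?, ?)", (session_id, user_id, now))
    cookie = SimpleCookie()
    cookie["sid"] = session_id  # "sid" is an assumed cookie name
    cookie["sid"]["max-age"] = SESSION_TTL
    cookie["sid"]["httponly"] = True
    cookie["sid"]["secure"] = True
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()


def authenticate(cookie_header, now=None):
    """The per-script check: return the UserID for a live session, else None."""
    now = int(time.time()) if now is None else now
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    if "sid" not in cookie:
        return None
    sid = cookie["sid"].value
    row = db.execute("SELECT UserID, Created FROM Session WHERE SessionID = ?",
                     (sid,)).fetchone()
    if row is None:
        return None
    user_id, created = row
    if now - created >= SESSION_TTL:
        # Expiry is enforced here; the client controls the cookie's own expiry.
        db.execute("DELETE FROM Session WHERE SessionID = ?", (sid,))
        return None
    return user_id
```
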