Sign In
Create Account
Follow Us on Twitter
Subscribe on Youtube
hi all,
ok i have used quite a few login scripts since learning PHP but there is one thing i am curious about. Is it possible to make a login script that doesn't use cookies or sessions?????? how would you it know what user is what a how is logged in?????
i am curious about this as i have always encountered problems with cookies and sessions so was wondering if i need them at all?
Many Thanks,
J
5 replies to this topic
Back to top|
|
|
#2
Posted 05 October 2010 - 02:15 AM
DEViANT
-
- Members
-
- 358 posts
Programming Expert
I dont think theres any other way to have a login system without making use of either a.) Cookies or b.) sessions.
Cant see how you would run into problems with sessions though? Its very simple and easy to use. Just include session_start(); everywhere sessions are used and assing session array variables when a user logs in, which can then be used throughout the site?
For more documentation on sessions :
PHP Sessions
PHP: Sessions - Manual
Cant see how you would run into problems with sessions though? Its very simple and easy to use. Just include session_start(); everywhere sessions are used and assing session array variables when a user logs in, which can then be used throughout the site?
$_SESSION['user_id'] = X;
//Some other stuff
if(isset($_SESSION['user_id']))
{
//Do some stuff
}
For more documentation on sessions :
PHP Sessions
PHP: Sessions - Manual
#3
Posted 05 October 2010 - 05:09 AM
SoN9ne
-
- Members
-
- 129 posts
Programmer
To answer your question, I have seen login systems created without using a session or a cookie.
A simple break down of an example of one I replaced was that it would allow a user to login but instead of using cookies or a session it kept a flat file on the server and there was a unique ID that get generated on login that just happens to be the name of the file.
To prevent a cookie from being sent, the URLs just have a token in the URL that is the file's name... Security vulnerabilities are obvious. If a user copied the URL then whoever used it would be in that user's "session". Reminds me of older PHP sessions when they were crap.
It's a lot like the session system but it is much more vulnerable to being hacked; in fact, it is extremely easy to hack. You should stick to the PHP sessions system. It has been improved and works great if you use it properly.
DEViANT pretty much covered the rest.
A simple break down of an example of one I replaced was that it would allow a user to login but instead of using cookies or a session it kept a flat file on the server and there was a unique ID that get generated on login that just happens to be the name of the file.
To prevent a cookie from being sent, the URLs just have a token in the URL that is the file's name... Security vulnerabilities are obvious. If a user copied the URL then whoever used it would be in that user's "session". Reminds me of older PHP sessions when they were crap.
It's a lot like the session system but it is much more vulnerable to being hacked; in fact, it is extremely easy to hack. You should stick to the PHP sessions system. It has been improved and works great if you use it properly.
DEViANT pretty much covered the rest.
"Life would be so much easier if we only had the source code."
#4
Posted 15 October 2010 - 03:41 AM
noprobz09
-
- Members
-
- 8 posts
Newbie
Hello!
Its better to post your codes here, so that we can help you and we can contribute our ideas...and we will try to fix your problem as what you have encounter...Maybe I can help you about this...I have my login script...that Im using my present project...It's only a matter of changing and sharing ideas...I am also a PHP coder...GOD BLESS :)
Its better to post your codes here, so that we can help you and we can contribute our ideas...and we will try to fix your problem as what you have encounter...Maybe I can help you about this...I have my login script...that Im using my present project...It's only a matter of changing and sharing ideas...I am also a PHP coder...GOD BLESS :)
#5
Posted 15 October 2010 - 05:34 AM
unit2code
-
- Members
-
- 2 posts
Newbie
What about HTTP Authentication? I've been reading about doing authentication through a Apache Server. Documentation says that you can specify a database to store the usernames and passwords in. Thinking it would be nice to have a user profile in a database to contain the session information for PHP to access, also. Not sure if it is possible, I can't even get authentication to work on my server, seems I have a lot to learn about Apache Web Server.
#6
Posted 15 October 2010 - 07:32 AM
welton122
-
- Members
-
- 76 posts
Learning Programmer
hi thanks everyone for submitting your ideas but i have fixed the problem. The problem was actual down to the free web server i was using (a zymic server). It was not handling the cookies and sessions correctly but now i have changed servers and all is well.
Thanks again.
Thanks again.
