I want to provide a little more guidance.
One more reason not to use cookies: cookie data are limited (I believe max 2K). For a PDA it might be even less. It really should be only some kind of ID.
How to use a SessionID:
You need to store the sessionID in a database. For each sessionID you'll store all needed information, like UserID (no need to put it into the cookie). When a user logs in, you'll check if s/he has a session, if it expired, etc., and read all the info you thought you wanted to store in the cookie. You may not allow a new login before the old session has expired, to avoid multiple persons accessing the same data.
If the sessionID is valid, you may want to 'renew' the expiration timestamp, so the session will expire, e.g., after 15 minutes idle.
For a valid new login, you create a new sessionID (a really big random number) and pass it on into every page in that session. Even if a malicious user tries to subvert your security, there is little chance s/he will guess a valid sessionID and be able to impersonate another user.
Hope this helps.
pmas
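The scheme pmas describes above (server-side session table keyed by a large random ID, user data kept in the database rather than the cookie, sliding idle expiry, and a refusal to open a second login while an unexpired session exists), written out as an added example. This is not code from the original post; it is a Python illustration using an in-memory SQLite table, and the `SessionStore`, `FakeClock` and `demo` names, the 15-minute idle timeout and the 256-bit ID length are assumptions chosen for the example.

```python
import secrets
import sqlite3
import time

IDLE_TIMEOUT = 15 * 60  # seconds of inactivity before a session expires (assumed, per the post's "15 minutes idle")


class FakeClock:
    """Injectable clock so the idle-timeout behaviour can be exercised without sleeping."""

    def __init__(self, start=1_000_000.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class SessionStore:
    """Server-side session table: the cookie carries only the session ID; everything else lives here."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.db = sqlite3.connect(":memory:")  # stand-in for the real database
        self.db.execute(
            "CREATE TABLE sessions ("
            "session_id TEXT PRIMARY KEY, user_id INTEGER NOT NULL, expires_at REAL NOT NULL)"
        )

    def _has_active_session(self, user_id):
        row = self.db.execute(
            "SELECT 1 FROM sessions WHERE user_id = ? AND expires_at > ?",
            (user_id, self.clock()),
        ).fetchone()
        return row is not None

    def login(self, user_id):
        """Create a session for user_id; refuse (return None) while an unexpired one exists."""
        if self._has_active_session(user_id):
            return None
        # 32 bytes (256 bits) from the OS CSPRNG: far too large to guess or enumerate
        session_id = secrets.token_urlsafe(32)
        # only expired rows for this user can remain at this point; clear them
        self.db.execute("DELETE FROM sessions WHERE user_id = ?", (user_id,))
        self.db.execute(
            "INSERT INTO sessions VALUES (?, ?, ?)",
            (session_id, user_id, self.clock() + IDLE_TIMEOUT),
        )
        self.db.commit()
        return session_id

    def validate(self, session_id):
        """Return the user_id for a live session and slide its expiry; None if unknown or expired."""
        now = self.clock()
        row = self.db.execute(
            "SELECT user_id, expires_at FROM sessions WHERE session_id = ?", (session_id,)
        ).fetchone()
        if row is None:
            return None
        user_id, expires_at = row
        if expires_at <= now:
            # expired: drop the row so the ID can never be revived
            self.db.execute("DELETE FROM sessions WHERE session_id = ?", (session_id,))
            self.db.commit()
            return None
        # renew: each valid request pushes the expiry out by another idle window
        self.db.execute(
            "UPDATE sessions SET expires_at = ? WHERE session_id = ?",
            (now + IDLE_TIMEOUT, session_id),
        )
        self.db.commit()
        return user_id

    def logout(self, session_id):
        self.db.execute("DELETE FROM sessions WHERE session_id = ?", (session_id,))
        self.db.commit()


def demo():
    """Walk the lifecycle once with a fake clock and report what happened at each step."""
    clock = FakeClock()
    store = SessionStore(clock=clock)
    sid = store.login(42)
    results = {"id_length": len(sid)}
    results["second_login_refused"] = store.login(42) is None
    results["valid"] = store.validate(sid) == 42
    results["bogus_rejected"] = store.validate("not-a-real-session-id") is None
    clock.advance(10 * 60)            # 10 min idle, then a request: renewed
    results["renewed_at_10min"] = store.validate(sid) == 42
    clock.advance(10 * 60)            # another 10 min: still inside the renewed window
    results["renewed_at_20min"] = store.validate(sid) == 42
    clock.advance(16 * 60)            # 16 min with no requests: past the idle timeout
    results["expired_after_idle"] = store.validate(sid) is None
    sid2 = store.login(42)            # old session gone, so a fresh login is allowed
    results["relogin_after_expiry"] = sid2 is not None and sid2 != sid
    return results


if __name__ == "__main__":
    print(demo())
```

The cookie sent to the browser holds nothing but `session_id`; user identity and any other state are looked up by that key on every request, which is the point of the post. One hardening not in the post but common in practice: store a hash of the session ID in the table rather than the raw value, so a leaked database dump does not hand out usable cookies.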