User authentication

~~Caleb~~ · 07-02-2008, 12:05 AM

Just wondering how the majority of HxF uses sessions.

Do you:

1. Use cookies.
2. Use $_SESSION
3. Another method? Explain.

Blackcomb · 07-02-2008, 12:09 AM

Other(cause i don't know the full method)
I use vbulletins login, i basically use my own script to encrypt the passwords and send it off to the vbulletin login that sets cookies for three different sites.

The Forum
The Main Site
And the radio
all are hosted on the same server just different domains. This enables every user to only have to login once.

Bryce

QuickScriptz · 07-02-2008, 04:13 AM

I use sessions ($_SESSION). My main reasons for this are as follows;

a) They aren't stored in the browser and therefore it is more difficult for the user to interfere/mess around with them.

b) They are easier to set, modify, and unset/delete.

c) Sessions work on a per-site/per-server basis and therefore if a user has a session set by your site and then they go visit joe's website, joe's website won't be able to access or view the sessions set by your site.

d) Since sessions are stored on the server and not in the browser there's less back and forth between the two which [to some extent] makes sessions more secure.

e) Sessions work even if cookies have been disabled in the users browser.

f) I have just always used sessions and so I stick with what I know best

[Oli] · 07-02-2008, 10:09 AM

$_sessions here, been using it on all my systems, love it

Jme · 07-02-2008, 11:26 AM

I used to use cookies a lot because i don't see why everyone says they're so insecure, if you use them properly they're perfectly secure. But lately I've been using sessions they're just easier to work with i guess..

MrCraig · 07-02-2008, 12:25 PM

I use both sessions and cookies.

Depends if i want the user to still be logged in next time they visit the page.

~~Caleb~~ · 07-02-2008, 09:43 PM

Originally Posted by Jme

I used to use cookies a lot because i don't see why everyone says they're so insecure, if you use them properly they're perfectly secure. But lately I've been using sessions they're just easier to work with i guess..

Well to be honest, most users on HxF are not experienced enough to make cookies secure, hence why they use sessions.

Colin-Roberts · 08-02-2008, 01:40 AM

session's
Running a game security is the one of the main concerns

~~Caleb~~ · 08-02-2008, 01:41 AM

Originally Posted by Colin-Roberts

session's
Running a game security is the one of the main concerns

True, but just because you use sessions does not ensure security, there are ways to use them.. and ways to not.

QuickScriptz · 08-02-2008, 12:20 PM

Originally Posted by Caleb

True, but just because you use sessions does not ensure security, there are ways to use them.. and ways to not.

True... the only reason I really find I use Cookies is like someone said above, if a user needs/wants to stay logged in. Or in other situations if you're logging information about the user (like visitor tracking type thing).

Now I do have to disagree with the other thing Caleb said about most people not knowing how to make Cookies secure.... well it's not really any different than Sessions.... as long as you one-way-encrypt the password before storing it you're pretty much good to go (oh, and you just have to make sure the cookie doesn't never expire).... ya...

Thread: User authentication

Thread Tools

User authentication

Posting Permissions