Phoenix.pm: Keeping track of web logins

Mike Cantrell mikec at autodispatch.com
Tue Aug 1 18:29:36 CDT 2000


I'm wondering if someone out there has a good method of keeping track of web
logins when going from page to page. I've ofter relied on .htaccess to
generate a $ENV{REMOTE} user to check against but what if you aren't using
.htaccess and have a html based login form?

1) I've thought about setting temp cookies but that seems like a security
problem and I'd rather not use cookies anyways.

2) creating hidden tags to pass along to the next page if it's a form but
what if it's not a form? That also seems like a security problem.

3) encoding the login/passwd into the URL string but that seems to be a
security problem as well. Has anyone tried encrypting the login/passwd in
the URL string? Is there any good doc's out there on doing such a thing?

4) I often see long sessionID variables in URL strings of sites I've logged
into but I'm not sure what they are doing with it.

Anyone else know of a better way?

Best Regards,
Mike Cantrell




More information about the Phoenix-pm mailing list