PHP and MYSQL, haven't a clue what i'm doing

[apj101]

I'm not sure about sessions, so i have set a cookie once the password and username are verified a cookie is set then each page of the admin panel checks for it, if it isn't there then an error page will displayed asking for the user to login again

Lee

well that may get the job done but
a) it wont work on non cookie enabled browsers
b) it lacks security since the data is stored locally
c) requires additional communication between client and server
d) is the password encrypted in the cookie?
e) what is the cookies persistance, when will it die? Can another user come on the machine afterwards and log in with the cookie?

Its probably too late in development to change in now anyway

 

[lee101]

well the password is encrypted, and it is invalid after 30 minutes of the first login, it works good enough, but is probably not the most efficent way, and well, there's no excuse for the non cookie enabled browsers, maybe i'll update it sometime to use sessions

Lee