Since cookies are hardly and hardly accepted by users, I need a better
way to store session variables. The safest way is to put trigger them
from the db, but this still not solve the problem of identifying the
user. The first thing that cross my mind was to add a querystring with
a session ID. This wouldn't be a problem I was to build a site from
scratch. But I want to add this system to all my existing sites, that
is hundreds of pages so I wonder If is possible to create a function
and put it in an include file and create them on the fly.
Of course, there is a possibility to forge it so I have to make a
script to check the validity of it... For instance, I mark the time
when user logs in and if it's more than, let's say 60 mins, i force
them to log in again and create a new session ID. Also, i need to check
each refferer so the user could not just type in the session ID. But
this also creates another problem for people who use a firewall that
hides the refferer - like I do
.
Did I make any sense at all? Any suggestions?
Topic Options
Post Options
Thanks(0)
