Quote:
|
Originally Posted by dreasi0n
Hi there,
I'm building a site that is supposed to evolve to a new stage allowing the users to Register, Login and Logout. I'm already using session to count site visits.
I know the basic on working with sessions and cookies but I have some problems when trying to understand some aspects of it all together. So if anyone could tell me the general idea or point me to a tutorial I would appreciate.
My questions or difficulties are:
- When a user navigates to the site, how can I know if it is a guest? I ask this because the feature "Remember me" on the login page. How can I remember the user? Is this with cookies?
- If this is with cookies, what should I save in the cookie? The session ID? The username and password MD5'ed? Can I assume that the cookie info is correct? How can I load the user old session?
- How can I keep counting visits with the new session implementation? Can I create a session before a valid login? Is this secure? Can I transfer a guest session to a valid user session when the guest user log in?
- When the user log out do I destroy the session or do I set a session variable to False to indicate that the user is not logged in? And how can I prevent a "remember me" to automatically login after the user selects to log out?
Thanks |
1. Yes, the "Remember Me" function that many sties use simply put a cookie on the user computer, then search for it every times the page loads. If its there, then you know its a user and can log them in automatically. If its not, then either its a guest or the user lost/deleted his cookie.
2. I keep the username and password (MD5-ed, preferably). You only create the cookie after the user has sucesssfuly logged in, so the info muct be correct.
3. Umm, lost me here, sorry.
4. When they click logout you can also delete the cookie if you want, or direct them to a page that won't run the auto-login script.
Need general guidelines to Login/Register/Logout with sessions...
Linear Mode
