[redfrog]

Please give me feedback about my idea, outlined below, for maintaining a "secure" Content Management System (CMS) built into a website.

1. If you are not an "admin", you browse the site as a regular user like any other informational website

2. if you are an admin, you click on an "Admin" link in the bottom navigation, and enter a login and password combo

3. if the login/password are valid, here is what happens:
3a. your IP is logged
3b. a unique 32 character token is created
3c. the current time is logged (and everytime you hit a new page, if the session is < 2 hours, a new time for this account is logged)
3d. all of the things mentioned are logged to a database for that user, and your login name and the unique 32 char token is saved to a cookie on your machine

4. everytime you try to make a change using the CMS, the cookie's "user name" and "32 char token" is checked against the user name in the database to make sure the tokens match AND it has been less than 2 hours AND the IPs match too. If it all checks out, the change is allowed, if not an error message will be shown

What do you think of this scheme?

Thanks,
redfrog

[redfrog]

In a nutshell, the "key" to the scheme is the 32 char token saved to a cookie. Because it is created after a valid login, and only good for 2 hours, it is much better than using a permanent "password" saved to a cookie.

In the event that someone copies the cookie info associated with a particular username, they will only have 2 hours to login. (And even then will have to spoof the IP as well.)

I know this system is not perfect -- I would not use it for banking, for instance -- but as a lightweight system for protecting content, I feel it is sufficient.

Your thoughts?
- redfrog

[End User]

Use session_regenerate_id() and that will help make things a little bit harder for an attacker.