[vinpkl]

hi all

i have created a new module for my site that has login area but its sessions are conflicting with another login area i think. so dont know what code to post.

so is it possible to create login authentication without sessions and cookies.

at present what i am thinking is setting the field "authorization" to "True" in my database when the user enters correct username and password and setting it ''false" if user logs out.

but in this way anyone can access the admin area till the user clicks logout buton because in this way "authorization" is set to "true" for every user till logged in user clicks logout button. anyone who knows the admin pages url can type the url in address bar and see the data in pages till the loggedin user logsout.

so what else can i do without sessions and cookies.


vineet

[job0107]

If you use an authorization field in the database to keep track of who's logged in and logged out,
you are going to end up with a lot of queries to the database.
Proper security requires you to check their logged in status every time the user goes to a new page.
That's the purpose of using a cookie or a session variable.
Cookies can time out, and that can be very useful if there is no activity for a while.
And session variables are stored in memory, that can make traversing your website a lot faster.

Sense you created the module, you should be able to come up with a unique key for the session variable or cookie in question.

I have seen many sites where you have to login several times depending on what area of the site you are accessing.
And it's possible to have unique usernames and passwords for each area.
Some areas of the site log you out when you leave the area.
While the main part of the site keeps you logged in.
There are several ways to go about this.
But using the database to keep track of your login status, will create a lot of extra activity on the server and may use up your bandwidth in a very short time.