[thelist] Bypassing a login
Rob Whitener
rwhitener at DesignOptions.com
Tue Jan 28 09:10:02 CST 2003
>>any page which should be only be accessible by logged-in users should
check for that session variable/cookie.
Thanks for the tip, I guess that is pretty obvious isn't it. I imagine that
this could also be extended to include when the user travels outside of the
secure area to the home page or photogallery. Set a cookie that holds the
same info? or should I generate some new information once the user is logged
in to keep track of the session?
Thanks again,
Rob
-----Original Message-----
From: Scott Brady [mailto:evolt at scottbrady.net]
Sent: Tuesday, January 28, 2003 9:59 AM
To: thelist at lists.evolt.org
Subject: Re: [thelist] Bypassing a login
From: Rob Whitener <rwhitener at DesignOptions.com>
> Is there anyway to prevent people from just typing in a URL to
> get around the login. They wouldn't be able to see any
> information, but I will have a mailing list that I wouldn't
> want anyone monkeying with.
If the login is processed so that it sets a session variable/cookie when
they've logged in, any page which should be only be accessible by logged-in
users should check for that session variable/cookie. If it doesn't exist or
show them as logged in, then redirect them to the login screen
Scott Brady
--
* * Please support the community that supports you. * *
http://evolt.org/help_support_evolt/
For unsubscribe and other options, including the Tip Harvester
and archives of thelist go to: http://lists.evolt.org
Workers of the Web, evolt !
More information about the thelist
mailing list