Login script

I made a really clean login script, the only problem is that when you move from one page to the other, it logs you out.

I was going to have the login script make a javascript cookie, and then every page you go to check to make sure you have a cookie full of valid info and then set your status to logged in again, but this got really complicated becasue you cant easily pass info from javascript to php.

I heard that you could do it through $_GET, but that clutters up the URL and i know its not nessesary. if Hellboundhackers page dosnt have to do it, then neither do i ;)

I also tried php cookies, but those always need to be the very first thing in a page, and my script requires that a cookie be set at one of two places in the middle of the code. (within an if statement). so that idea fell apart.

I started to try and make the js cookie go into a hidden form and get passed as $_POST data, but im just starting to learn javascript and putting the cookie into the hidden form proved too challenging for a frustrated me, and even if i finished it I dont know how I can get the $_POST data to submit no matter what link on the page you click.

so anyone else know how to easily get login information to follow a person around and be readable by php as they browse your page?

http://uk.php.net/session

Use sessions and POST, GEt is certainly too unsecure for that.

Also code a unique token system to prevent session hijacking/fixation.

Just took a quick skim through that page. It looks to be exactly what im looking for.

Thanks alot, you saved me many a bruise banging my forhead against the screen :p

edit: mental note: I see this is how HBH does it too.

The_Cell wrote: Also code a unique token system to prevent session hijacking/fixation.

token system? care to explain?

The_Cell wrote: Also code a unique token system to prevent session hijacking/fixation.

token system? care to explain?