security issue

Results 1 to 3 of 3

Thread: security issue

  1. #1
    Troy Guest

    Default security issue

    I am thinking of writing a script to force users to login before they can view any page in my web site. For example, say a user bookmarks a page of my website, and opens it from his list of bookmarks, then the script should redirect him to the login page since he didn&#039;t login properly.<BR><BR>My plan is to use either a session or a cookie variable. But in my readings, it&#039;s been stressed that session is EVIL. So I&#039;m kind of inclined to use response.cookies. But I&#039;m wondering if this is the best idea to implement or is there a better way of doing it. Maybe a Javascript implementation too?<BR><BR>I need your advice. Pls help. Thanks.

  2. #2
    Join Date
    Dec 1969

    Default RE: security issue

    I don&#039;t see a problem with one single session variable that stores the users ID number once they have logged on.

  3. #3
    Join Date
    Dec 1969

    Default RE: security issue

    I agree with Oli here. The things that make the session object "evil" is when you do things like storing large amounts of data in the session. A couple of pieces of info isn&#039;t going to be that taxing on the server, but if you have a lot of info being stored in the session, that&#039;s where you&#039;re going to take the hit. Just make a simple check on a session variable and redirect them off if it&#039;s not there. <BR><BR>Hope this helps.<BR><BR>Killroy

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts