Msg#: 3981181 posted 10:27 am on Sep 1, 2009 (gmt 0)
thanks for your replies. will it be safe to store a users password in a session variable? i need to store the password so that i can log the user into certain applications automatically. or should i store it encrypted? and then decrypt it when needed?
If you want to save their log in after they close the browser for an extended period of time then you need to use a COOKIE. Also, for the security issue, you can store the passwords encrypted, but anything that can be decrypted can be hacked and someone could catch it. What I would recommend is having an encrypted session variable name with an encrypted value. Look at this php
//if the user is logged in set the variable to this $_SESSION['userLogged'] = md5("loggedIn");
Just use their username to get their information, but check if that session variable equals that to see if they are logged in.
Msg#: 3981181 posted 12:44 am on Sep 3, 2009 (gmt 0)
Also, you can change your session time (if you run the server that hosts your website that is). If you have facebook open it sometime and just leave it open and see how their sessions are. It's a really long time.