Welcome to WebmasterWorld Guest from 22.214.171.124
I've wrote the first part, which is register/email confirmation/forgot password and now I'm moving to the part where I check the username/password and if valid, sign them in.
I know how to store single variables in the session or create a cookie with a validuser=y/n, but I've no idea where I should be going from here (in a secure way).
Do I encrypt a variable in the session/cookie? This may be kind of obvious, but unless you've done it before - you don't know.
I've looked at a few tutorials on this but (as always) there are multiple ways of doing things.
Can someone break down what I need to do now in to smaller chunks please.
henry0 I did see people mentioning that, and I think that is where the confusion came from.
Can anyone give me some more info on what to do with the cookie. Do I store the visitors username/password (encrypted) in the cookie and check are authorised at the start of each session, then hold that variable "Y/N" in the session?