User Authentication

nesta

For user authentication, I've made a login page which starts a session & creates a session variable named "authenticated" .. I then have a "secure.php" which checks to see if the session variable "autheticated" is set & if not exit()s ... this file is included at the top of all php files i want "protected" ...

Is this a good & secure method??

This seems to require cookies... which surprised me b/c I don't like assuming anything about clients.

amcgrath

You'll get conflicting godd & secure methods, so I won't speak to that, rather just suggest you prepend the secure script in php.ini then you won;t have to remember to include on every page....

nesta

Could you describe what "prepend to my php.ini" meant?

I have many different sites on my webserver.. and wouldn't including the secure.php in all my files cause the pages I want to make available to the public to require a login?