Most secure method of authentication?

m_tt

Whats your opinion? I've always used sessions but i'm curious as to what you guys think. I'm working on a project now and I need it to be as secure as possible.

Thanks,
Matt

feldon23

Are you securing data or specific parts of the website?

If it's the latter, .htaccess is probably the most bulletproof.

Unfortunately, I have gotten no response to my own questions about the most secure methods.

matt_4013

You'll probably find that a combination of SSL and .htaccess will be your most secure method. That's what I use if what I'm doing REALLY has to be secure. If the data isn't really that sensitive, I usually do a login routine in php, and set a session variable, and check that it's set on each page that needs be protected, simply because it looks nicer, and that's what people like 😉

zalath

I use sessions, with ip checking (of course that's no protection against spoofed IP's), a session cookie and an expiration time. It's not SSL, but then again, it's a hobby site anywys.