best way for &quot;sign in&quot;

best way for "sign in"

pennyw1s3

If I needed to make a site which required users to log in before doing what they came here to do...

would it better to auth off a db or via session cookie?

thinking about the amount of coding required on each page to check if the user was currently authenticated.

any thoughts?

bad76

QUOTE]Originally posted by pennyw1s3
would it better to auth off a db or via session cookie?

thinking about the amount of coding required on each page to check if the user was currently authenticated.
[/QUOTE]

Hi,
give a look to de "code critique" forum,
you'll find a lot of example.

And, session and db are used together...

The usually way to do this:

logging-in
- get usr/pwd
- look in db if all is ok
- start a session
- register usefull var, user relative, in session (like level and name)

checking (in every page)
- look if session is started
- look for level

logging-out
- delete any session variables.

Naturally there is a lot of security related issue, but you can learn in a second moment, when you know how session work.

I hope this helps you.