Site authentication with no sessions?

phpguy24

I have a login page for a user which authenticates him and directs him to the correct page if he provides the correct data. Now my question is, how will I authenticate the following pages he navigates to, without using sessions? Is the only way to use cookies? Thanks!

PHPMagician

It depends, is asking him/her for a login everytime inappropiate (most cases, yes). You could just do checks against his IP address, User Agent, Referer, etc, but I do not suggest this as it is very insecure. Why not use some form of session? You could use the session functions to set your own session handlers or alternatively make you own session engine manually.

phpguy24

Yes asking everytime is indeed inappropiate and I can't use sessions for this problem. So, I can do it using cookies right? Set a cookie for a user logged in and read it everytime he tries to access a page?

PHPMagician

You can use a cookie, yes.

Roger_Ramjet

Originally posted by phpguy24
Yes asking everytime is indeed inappropiate and I can't use sessions for this problem. So, I can do it using cookies right? Set a cookie for a user logged in and read it everytime he tries to access a page?

Always assuming a) the user has cookies turned ON in the browser, and many people don't. b) the user has not cleared out the cookies cache, which I do very often because of all the shit floating around the web these days.

Why can't you use sessions? I can't think of a good reason not to, and the only thing that could stop you is an intranet with firewall and proxies. If security is any kind of an issue then cookies are a hole you can drive the moon through. If you need real password protection then .htaccess with password for the directory or subdirectory is the other way to go; the user only logs in once and can save the password so they don't have to re-enter it each time they come back to the site: http://wsabstract.com/howto/htaccess.shtml

Have a look at this http://www.sitepoint.com/article/great-client-login-system and this http://www.sitepoint.com/print/users-php-sessions-mysql to help decide on the best approach to authentication.