Which is the best way for authentication

Anon

Hello,

Which is the best way for page athentication? Using session, cookie or .htpasswd? and which is more secure?

Thank you

nashirak

First of all a session usually uses cookies for authenticatation (usually... but you can do it without using cookies). I would say it would depend on how well you wrote your session stuff. Most sites (amazon, yahoo...etc) use sessions for authentication. So I would have to go with sessions. I think the "normal" way to do it is to have the user log into a database with a username and password. The password would be hashed, and you would compare the 2 hashes. Then you could start your sessions. If you are really wanting some security couple this with some 128bit SSL encryption (apache-ssl). Keep in mind though that you can do your best as far as security goes, but no site is 100% secure.

Keep in mind this is all my humble opinion. :-)
Hope that Helps!

Anon

I'm a huge sessions fan.
It has so many advantages over .htaccess
First, you can store session variables that follow the user wherever they go in the site, without having to use the URL to pass info such as username, password, or any piece of data that is needed regularly throughout the site.

I have to admit that I'm biased, though. Just make sure you do plenty of research before you make a decision

-=Lazzerous=-