Is this safe or not

Anon

When a user loggs in on my page his username and a his password (crypted using the crypt function) is stored in a session var.

On the top of every member page i check if the user is logged in. If he is, i crypt the password (using the same salt as the stored password) matching his username and compares it with the stored one in the session var.
If they dont match, redirect him to the login page..

Is this a safe way to handle login?

Tnx in advance and pardon my english 🙂
/erik

Anon

Seems like it would to me. The only issue I have regards when the user initially logs in. When the user types in his or her password and clicks submit, someone can eavesdrop on it.

Later on,
BDKR

Anon

It seems that it would be safer than just using session vars only, however crypting and uncrypting username, password in session vars is computationally expensive.

If your information isn't that important, you can login users via SSL, dump safe cookie on their machine, and instead of doing crypting you can just check for the cookie, since cookies in php are similar to global variables.