Security

Anon

I was using cookies for user login, but had some problems, with expired pages kicking them out of the site. Luckly It was only me testing.

I am now passing variables through the address bar. pagename.php?ID=&username

Ect Ect Ect.

My problem now is, coding this, or hidding it without using a frame.

Would prefer encoding this.

How do proffesional sites do this?

Anon

there are lot of ways doing it, but it depends what kind of site you are designing for.
It's not very clear that how your cookie is not exactly working but anyway.. Passing username with query string is also an option, but there are a common fitfall in it, like what if someone types

www.yoursite.com/your_profile.php?ID=tabish

then he can automatically access your entire site by using this querystring.

And as far as hiding this variable is concern... I do not think that there is any secure way of hiding it .. because hackers knows better how to read the source code. putting it in into a frame or passing it through "Hidden" feild would also be not a good option..So the question is ..what is the best option of doing this??

As far as i think .. I prefer , Cookies/Session or if you want to make it more secure then use some "random" number login. think about it and if it is still confusing please let me know..

Regards
Tabish

Anon

Cookies would not work, because:

I used a IF Else scrit, if they stayed logged in for more than 20 minutes without activity, then if they move to another page, it would kick them out, problem is that if they try to go back to that page, a lot of the time this was the index to the password section, there cache would save the script that kicked them out. I do not like cookies. This is for a School Intranet, The Intranet has 2 sections, a staff and a student section, the staff section is password protected, but how can i prevent the students from accessing it. I was wondering about you stament, random variables, and numbers.

How would this work?

I am trying to avoide cookies cause some teachers or students, disable them.