Hi
I'm learning php, so please hang in there even if this questions seems elementary to you!
I have put together several pages to construct a forum, with one page to list subjects and another to display threads, another to search etc. At the moment, when a user logs in I pass their id with the URL as they move screens so they don't have to log in all the time. Trouble is, anyone can type "http://www.myforum.co.uk?id=50" and so become that user!
I know I can write a cookie to the client pc when they register, thereby uniquely identifying them. However, what about someone who has cookies disabled, or moves to another pc on another site? If they log in then I could write another cookie to their new machine, I guess.
What I'm after is a way to preserve a session on a screen by screen basis. Can this be done without relying on cookies? e.g. the user logs in when they arrive but then don't have to until they leave the site, without resorting to the "pass the id with the URL" flawed solution I described above.
I'm just getting into this side of PHP, so sorry that my ideas are muddled. I'd be very grateful to anyone who can point me in the right direction to achieve a secure application that doesn't bug users for passwords the whole time.
Thanks for listening!
