User Login Schemes

Anon

I want to create something efficient and scalable for a members page. Right now, I have an algorithm that sets a session variable to an unique ID for the user logged in, and every time they visit a private page, I re-calculate the unique ID and compare it to the session variable.

Ok I am a true PHP NewB, but I am interested on what others thought of this for a login thing. Would it be more efficient to store the unique ID in a database and query for it every time I want to compare to what the session variable is? How should I re-design this system?

What fast, scalable user login scheme have you people used?

Anon

Hi,

What type of numbers are we talking about here?

I am sure you could hack "http://www.phpbuilder.com/columns/ying20000602.php3" to work for you.

I would start a new seesion evertime someone enters the user secured area and then just make sure the person has a session or do something.

Justin

Anon

i wrote a fairly extensive user login library that you can feel free to rip off if you want. it's at http://homepage.mac.com/ghorwood/php_lib_login/

bretticus

Wood wrote:

What fast, scalable user login scheme have you people used?

What exactly are you trying to do? BTW, the whole concept of a session is assigning a unique id that is stored via cookie or url so that a client can have serverside variables stored and reaccessed by that unique session id.

Therefore...

What I usually do is have the user login by entering his/her username and password and validating that against a user record in the db. Then I set any session variables set for that user from the db (such as permission level, userid, etc.) From that point on it's very easy manage permissions and access to the site.