On Fri, Nov 09, 2001 at 04:34:24PM +0100, Loïc wrote:
use an home-made session system? This is not an hard thing: it would just require a mysql table.
I've started to work again on this but am facing a first problem. Let's say only the standard user may use the session table. Once the user is logged into, his login/password must be stored into this session table and the standard user must be able to get them, you know the standard user I've just removed every priv. on the "Password" column from the "mysql.user" table in order to improve security..... :(
mmm, if you can't look at the password column field, how can you check if the password is correct ? I don't get the point here :)
it would just require a mysql table. (id, session_id, username, db, passwd, ip, expiration, timestamp)
Hum why:
- id and session_id?
mmm, forget id, it's just a standard field in all my tables (using mysql classes to access the data).
- db (no very usefull without hostname and table name at least)?
was just a 2 min draft... with db I meant the db number from $cfgServers[1], $cfgServers[2], etc...
- expiration and timestamp?
expiration: to allow automatic deletion of session after a defined time limit timestamp: for admin information, to see last action
Olivier, from the first snowy day of the winter :)
-
Olivier M.