On Tue, 13 Mar 2001, Michael Fork wrote:
->not if the include file ends with a .php -- since it is in <? ?>, anybody
->acessing the file from a web browser would not be able to see it.
I misunderstood, I thought you meant that you would put that code in an included
file. Which anybody could get at. However the code being hidden doesn't change
that I could look for a cookie from your domain, see it's value, and still
create another cookie.
What you're all looking for is a *session based* authentication system. PHP does
this, and you can do it yourself if you have a database set up.
-- Dave
---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@postgresql.org so that your
message can get through to the mailing list cleanly