Old 07-16-2009, 10:41 AM   #63 (permalink)
colk
Senior Member
 
Join Date: Nov 2005
Location: Norfolk, VA
Posts: 262
I see an issue: the cookie has to be valid for both the HTTP side and the HTTPS side, otherwise when you switch to HTTP after logging in you will get stuck in a login loop. One way to accomplish this is to have the cookie set via HTTP point to the HTTPS ID using a secure identifier (i.e. salt, etc.). The main issue is that the cookie for HTTP will be passed in clear text over the wire, so whatever info you put into it cannot be used to log in directly to the site if someone yanked the cookie. Also, you should look into separating your HTML and PHP using something like Smarty. (Just a suggestion; it makes the code look clean.)
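One way to implement the two-cookie scheme described in the post above, as an added example that is not part of the original post or the thread's code. The cookie names, `SERVER_KEY`, the helper functions and the in-memory session array are assumptions, and HMAC-SHA256 stands in for the "secure identifier" the post mentions.

```php
<?php
// Added example. SERVER_KEY, the cookie names and the in-memory $sessions
// array are assumptions for illustration, not from the original post.
const SERVER_KEY = 'constructed-demo-key-load-a-real-one-from-config';

// Value for the cleartext (HTTP) cookie, derived from the HTTPS-only id.
// HMAC is one-way, so a sniffed HTTP cookie does not reveal the HTTPS id.
function http_hint(string $secureId): string {
    return hash_hmac('sha256', $secureId, SERVER_KEY);
}

// Run on the HTTPS login page after the password check has succeeded.
// Returns [name, value, options] triples ready for setcookie().
function login(array &$sessions, string $user): array {
    $secureId = bin2hex(random_bytes(32));
    $sessions[$secureId] = ['user' => $user];
    return [
        ['sid', $secureId, ['secure' => true, 'httponly' => true, 'path' => '/']],
        ['sid_http', http_hint($secureId), ['httponly' => true, 'path' => '/']],
    ];
}

// HTTPS requests are authenticated by the Secure cookie only. HTTP requests
// are matched through the derived value and get a limited, read-only view.
function resolve(array $sessions, array $cookies, bool $isHttps): array {
    $none = ['user' => null, 'level' => 'none'];
    if ($isHttps) {
        $sid = $cookies['sid'] ?? '';
        return is_string($sid) && isset($sessions[$sid])
            ? ['user' => $sessions[$sid]['user'], 'level' => 'full'] : $none;
    }
    $hint = $cookies['sid_http'] ?? '';
    if (!is_string($hint)) return $none;
    foreach ($sessions as $sid => $s) {   // a real store would index by hint
        if (hash_equals(http_hint((string)$sid), $hint)) {
            return ['user' => $s['user'], 'level' => 'limited'];
        }
    }
    return $none;
}

// Constructed scenario: log in, browse over HTTP, then replay the sniffed
// HTTP cookie against HTTPS in both cookie slots.
$sessions = [];
[$secure, $plain] = login($sessions, 'alice');
$sniffed = $plain[1];
echo json_encode(resolve($sessions, ['sid_http' => $sniffed], false)), "\n";
echo json_encode(resolve($sessions, ['sid' => $sniffed, 'sid_http' => $sniffed], true)), "\n";
```

Pages that change state or show private data should require the `full` level, so a user recognised only by the HTTP cookie is sent to HTTPS instead of being treated as logged in.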