I want to know some simple theory concepts about PHP sessions -
I have a log-in system that ive made, it compares a password with one in a database, and if it is the same, it creates a session, stores that session ID in the database under that user. And creates a cookie with the same session ID, and userID.
Whenever the user visits a page, the database is queried to see if the session ID and userID match those in the database.
Am I going about the right way of doing this? Or am I doing something fundamentally wrong?
The answers so far have been helpful, and just to settle the nerves, the passwords are stored in encrypted MD5 hash, and are sent encrypted MD5, but thanks!
I have a log-in system that ive made, it compares a password with one in a database, and if it is the same, it creates a session, stores that session ID in the database under that user. And creates a cookie with the same session ID, and userID.
Whenever the user visits a page, the database is queried to see if the session ID and userID match those in the database.
Am I going about the right way of doing this? Or am I doing something fundamentally wrong?
The answers so far have been helpful, and just to settle the nerves, the passwords are stored in encrypted MD5 hash, and are sent encrypted MD5, but thanks!