"URL." or "SESSION." 2

[mimi2]

Hi,
Here i go with my stupid question. I am trying to understand a tutorial i found somewhere (about logins and authorizations).
What is the difference between URL.NameOfVariable and SESSION.NameOfVariable ?
Thanks
mimi

 

[RedLion]

You've to look out with using URL variables in security issues! I've seen it happen to often that someone lets a user login and than pas his userId by URL. When you login as another user and change the Id in the URL you get the identity from another user. Look out!;-)

Charl

 

[webmigit]

Mimi2,

If you are wanting to pass by url variable, I can show you a fair way to encrypt the password, just give me your email address, it will be fairly hard for users not knowing the encryption process not to unencrypt.. I won't say it here because no one else needs to know how you encrypt your passwords.

But as RedLion said, I would use sessions or at least cookies to make it work.. Neither are 100% secure (Nothing is.) but its alot more work to edit or access a cookie than it is to edit or access a URL..

Thanks,
Tony Hicks

 

[mimi2]

Hi Tony,
My email: mimilafleur2@yahoo.com
I have a page A for administration login.
page B for information listing whitch is accessible to everybody. It is possible to change the info from page B, calling page C.
I would like page A to be called when ever changes are needed, so that only the administrator has access to that task.
My question is how do i keep the ID from page B to page C, but going thru page A. (!!!?)
Thanks again
mimi