Currently I have code to authenticate a user and save the username and password in a DB session, which gets validated on every request.
I was thinking of changing the validation method to authenticate the user only once and keep the successful authentication in the DB session, but not validate the user again if he is a session user and already validated.
Would this new approach be safer? Or should I just validate the user on each request, even if it's saved in the session?
You should do this:
You should never keep the password in clear text, and you should not store extra authentication data in your session tables. Even if you check them at each request, you are in fact just checking whether your remote user (i.e. his cookie) provided the correct username and password the first time on your session… you can have the exact same result if you just set a variable in your session…
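The pattern the answer describes, as an added example that is not part of the question or the answer: the password is verified exactly once at login against a salted hash, the server-side session record then holds only the username and an "authenticated" flag, and every later request trusts that flag instead of re-checking credentials. The in-memory `USERS` and `SESSIONS` dictionaries, the `login`/`current_user`/`logout` names and the PBKDF2 parameters are all assumptions standing in for the real users and sessions tables; the one user record is constructed for the demo.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

# Constructed stand-in for the users table. Only a salt and a PBKDF2 hash are
# stored, never the clear-text password (assumed schema, not the poster's).
def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_user_record(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

USERS = {"alice": make_user_record("correct horse battery staple")}

# Server-side session table, keyed by the random id that goes in the cookie.
# After login a record holds only who is logged in, no credentials.
SESSIONS: dict = {}

def verify_password(username: str, password: str) -> bool:
    rec = USERS.get(username)
    if rec is None:
        # Hash anyway so response time does not reveal whether the user exists.
        hash_password(password, b"\x00" * 16)
        return False
    return hmac.compare_digest(rec["hash"], hash_password(password, rec["salt"]))

def login(username: str, password: str, old_session_id: Optional[str] = None) -> Optional[str]:
    """Authenticate once. On success create a fresh session recording only the
    outcome, and return its id (the cookie value). Returns None on failure."""
    if not verify_password(username, password):
        return None
    # Discard any pre-login session so an id chosen by an attacker can never be
    # upgraded to an authenticated one (session fixation).
    if old_session_id is not None:
        SESSIONS.pop(old_session_id, None)
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": username, "authenticated": True}
    return sid

def current_user(session_id: Optional[str]) -> Optional[str]:
    """Per-request check: trust the server-side flag, never re-check a password."""
    if session_id is None:
        return None
    sess = SESSIONS.get(session_id)
    if sess is None or not sess.get("authenticated"):
        return None
    return sess["user"]

def logout(session_id: str) -> None:
    SESSIONS.pop(session_id, None)

def session_stores_no_secret(session_id: str) -> bool:
    """The point of the answer in one check: the session record must not carry
    the password, its hash or its salt."""
    sess = SESSIONS.get(session_id, {})
    return not any(k in sess for k in ("password", "hash", "salt"))

if __name__ == "__main__":
    sid = login("alice", "correct horse battery staple", old_session_id="pre-login-id")
    print("logged in as", current_user(sid), "; session clean:", session_stores_no_secret(sid))
    logout(sid)
    print("after logout:", current_user(sid))
```

Because the session id is the only thing the client holds after login, its cookie should be marked HttpOnly and Secure, and `logout` (or a server-side expiry) is what ends the session; nothing about re-checking the password on every request would make that id harder to steal.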