Dear All,
After the great help I had with my managing users question, I have another
small question :) How should I incorparate session ids. My current scheme is
as follows:
1. A user logs into the database (through web, webservice, some other piece
of software)
2. We generate a random session key which will expire in 1 hour. Put this in
table (user, SessKey, time).
3. Give key to user.
4. User wants to do something else, so passes us the session key (cookie for
instance).
5. Should we now log onto the database a user 'nobody' who can only excute a
function which will change the user, e.g. Function = Set username to where
the session keys match.
6. Check the timestamp every so often to delete the sessionkey.
Is this right way of going about things?
Many thanks (again)
Colin
_________________________________________________________________
Sign-up for a FREE BT Broadband connection today!
http://www.msn.co.uk/specials/btbroadband
