[nycphp-talk] AJAX and State
bz-gmort at beezifies.com
Fri Sep 7 10:21:28 EDT 2007
Kenneth Downs wrote:
> That can only be done if the password is stored on the browser between
> requests. No thanks!
> At any rate, in principle I believe that sessions are a bad way to do
> things, they just have that bag-on-the-side feel. The only permanent
> use of a session in Andromeda is to store user information, notably
> user_id and password.
Why do you need to store the password?
Once the user has authenticated, they're authenticated. You don't need to
keep a password lying around past that point unless you want to make
them re-authenticate each time they access some data. And since you're
storing that information on the server, it's somewhat irrelevant to
store it since you're already trusting whatever other mechanisms you have
between the user and the server.
Though I would point out that with browsers these days, that password is
gonna be stored on the browser no matter what you do short of embedding
a Flash or Java applet to process the logon. They save so much
information, the user might have to explicitly confirm saving the
address, but it will be saved.
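
The approach described in the reply above, as an added example that is not part of the original message and is not Andromeda's code: the password is checked once at login and the session then holds only the user's identity and the time of authentication. The names `$users`, `login()` and `current_user_id()` and the 30-minute limit are assumptions made for the illustration, and `$session` stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Constructed in-memory stand-in for a user table (sample data only).
$users = [
    'alice' => ['user_id' => 42,
                'hash'    => password_hash('correct horse', PASSWORD_DEFAULT)],
];

/**
 * Verify the credentials once, then record only who the user is.
 * The plaintext password is never written to the session.
 */
function login(array $users, array &$session, string $name, string $password): bool
{
    $row = $users[$name] ?? null;
    if ($row === null || !password_verify($password, $row['hash'])) {
        return false;                      // session is left untouched
    }
    // In a real web request, call session_regenerate_id(true) at this
    // point so a session id issued before login cannot be reused.
    $session = [
        'user_id'   => $row['user_id'],
        'auth_time' => time(),
    ];
    return true;
}

/**
 * Later requests trust the server-side session instead of asking for
 * the password again. Returns null when the user must log in again.
 */
function current_user_id(array $session, int $max_age = 1800): ?int
{
    if (!isset($session['user_id'], $session['auth_time'])) {
        return null;
    }
    if (time() - $session['auth_time'] > $max_age) {
        return null;                       // authentication too old
    }
    return $session['user_id'];
}

$session = [];
var_dump(login($users, $session, 'alice', 'wrong guess'));   // failed attempt
var_dump(login($users, $session, 'alice', 'correct horse')); // successful login
var_dump(current_user_id($session));                         // identity for later requests
var_dump(array_keys($session));                              // what the session actually holds
```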