Multi-user login script


A multi-user login script is a software system where many users can log in with their unique login name and password and access a protected area of that system. This protected area may be common to all users or may be user specific. Although a multi-user login script can be used in any software application, here I'm going to discuss the working principle of login scripts used on the internet.

Basic principle

The basic principle of working of a multi-user login script used in websites is as follows.

  1. The user enters his or her unique login name and password, and posts them to the web server via a web form.
  2. The web server receives that data from the user end and searches the server database for such a user name and password pair.
  3. If no match is found, the server delivers an error message to the user end and requests that correct data be submitted.
  4. If a match is found, the server follows some mechanism to remember that the user has already logged in, so that no further verification is required during that session.

The mechanism by which the server remembers a user's login session depends upon the level of security required to prevent unauthorized access to the restricted area. For example, a website that deals with online money, like PayPal, offers much tighter login-session security than a bulletin board where only registered users can post messages. Here I discuss a few common techniques for holding a login session.

Remember login session

After a successful login, the server holds one or more reference values about the user session. Whenever the user tries to access a protected area, the server verifies those references before granting access, and if they are not satisfied it redirects the user to the login page. Thus the session security depends entirely upon the following factors.

  1. The references stored by the server: are they really unique?
  2. The security of the place where the references are stored.

For a simple login system where security is not a consideration at all, assigning a session variable or cookie of constant value is enough to validate the session. At the end of the session, the life of those variables will normally expire. Security may be somewhat extended by replacing the fixed value with the user's IP address. But a good login system should record the following references about the login session and store them in a secured database.

  1. Time of login, which expires after a maximum interval.
  2. User IP address.
  3. A random text, known as session code identifying the user session.

An encrypted copy of that session code is also saved as a cookie. When the browser requests web pages from the server, it also sends the previously saved cookie. The server can then validate that cookie value against the reference stored in its database.
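The three references listed above (login time, IP address, random session code) checked on every request, as an added example that is not code from the original article. It assumes a Python dict in place of the database, a 30-minute maximum interval and hypothetical function names; instead of encrypting the cookie copy, the cookie carries the random code and the server keeps only its SHA-256 digest, which is a substitution for the article's scheme.

```python
import hashlib
import secrets
import time

MAX_AGE = 30 * 60   # assumed maximum interval (seconds) before a login expires
SESSIONS = {}       # stand-in for the secured database table


def digest(code):
    """SHA-256 of the session code; only this digest is kept server-side."""
    return hashlib.sha256(code.encode()).hexdigest()


def start_session(user, ip, now=None):
    """Call only after the password check succeeds; returns the cookie value."""
    code = secrets.token_urlsafe(32)   # random session code from the OS CSPRNG
    SESSIONS[digest(code)] = {
        "user": user,
        "login_time": time.time() if now is None else now,
        "ip": ip,
    }
    return code


def validate(cookie, ip, now=None):
    """Return the user name when every stored reference matches, else None."""
    now = time.time() if now is None else now
    key = digest(cookie)
    record = SESSIONS.get(key)
    if record is None:                          # unknown or forged session code
        return None
    if now - record["login_time"] > MAX_AGE:    # login time has expired
        del SESSIONS[key]                       # drop the stale row
        return None
    if record["ip"] != ip:                      # request comes from another address
        return None
    return record["user"]


def end_session(cookie):
    """Logout: delete the server-side record so the cookie is useless."""
    SESSIONS.pop(digest(cookie), None)


if __name__ == "__main__":
    # Constructed sample values (documentation IP ranges), not from the article.
    cookie = start_session("alice", "203.0.113.5")
    print(validate(cookie, "203.0.113.5"), validate(cookie, "198.51.100.7"))
```

Binding the session to the IP address also logs out legitimate users whose address changes mid-session, for example on mobile networks.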

Author Box
Archan Ghosal has 5 articles online

The author of this article is a web developer who has been working in this field for the last five years. You can find many free PHP scripts, such as a PHP contact form, a free blog script, a guestbook script, etc., on the author's website. Recently he has been developing a web host directory website where viewers can conveniently search for their preferred web hosting service.

This article was published on 2012/02/21