Hi, I am having problem in my website,how can i put security like the sitepoint did…because when i am going click anywhere in my page if the user have installed the firebug they can see what are my parameters.but i found out that sitepoint page cannot be seen when we navigate to other page and we use the firebug to see what happening in the page but i did not see parameters.Can anyone tell me how to do like sitepoint that our parameter will not be seen using firebug.
I’m not sure all the things sitepoint does to hide parameters. However, they likely store state data in the database using php sessions. These are stored on the server-side and given parameters are retrieved using database queries you will not see these using firebug or other profiling tools.
Using sessions isn’t automatically secure but it is more secure than post or get data.
Sessions are unsafe is you just store a player account ID and let them access their account assuming that is really the person logged in. But what I like to do is store the user id AND their password in a session, and then at the top of every controlled page in an include, authenticate their username/password in the database. After setting that up, I can add any other non-sensitive site preferences I want to the session. Its a pain having to constantly add new DB fields for every variable I want to track, adding them to the include file for loading into variables from the db etc… So definitely I like the convenience of session as long as I validate the account.
