To log a user out, you simply
remove the ID from the session state.
To log in, a customer needs to supply a username (we'll use the customer's e-mail
address here because it is guaranteed to be unique) and a password. Sending this information
over the Internet is a sensitive issue because third parties can eavesdrop and capture it.
Later in this chapter, we'll look at how to enable secure communications over the Internet.
For now, though, we'll concentrate on the authentication side of things, which is unaffected
by the type of connection used to transmit the e-mail address and password of the customer.
Another issue related to security concerns storing user passwords. It isn't a good idea to
store user passwords in your database in plain text because this information is a potential target
for attack. Instead, you should store what is known as the hash of the password. A hash is
a fixed-length string derived from the password that cannot feasibly be reversed to recover the password itself.
To validate the password entered by the user, then, you simply need to generate a hash for the
password entered and compare it with the hash stored in your database. If the hashes match,
then the passwords entered match as well, so you can be sure the customer is genuine.
This leads to another important task—you need to supply a way for new users to register.
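The store-a-hash, compare-a-hash scheme described above, as an added example that is not code from the book. It goes a step beyond the text by using a salted, deliberately slow hash (PBKDF2-HMAC-SHA256, iteration count chosen here as an assumption) and a constant-time comparison, which is what a production password store should do; the in-memory "database" keyed by e-mail address is a constructed sample.

```python
import hashlib
import hmac
import secrets

# Work factor is an assumption for this example; tune it to your hardware.
ITERATIONS = 200_000


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return a storable record: "pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>".

    A random per-user salt means two customers with the same password get
    different stored hashes, so a leaked table cannot be cracked in bulk.
    """
    if not salt:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-hash the supplied password with the stored salt and compare the results."""
    try:
        algo, iterations, salt_hex, hash_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        rounds = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        # Malformed record: treat as a failed login rather than crashing.
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    # Constant-time comparison so response time does not leak how many bytes matched.
    return hmac.compare_digest(actual, expected)


def demo() -> dict:
    """Constructed sample: the 'database' is a dict keyed by e-mail address."""
    users = {"alice@example.com": hash_password("correct horse battery")}
    record = users["alice@example.com"]
    return {
        "right": verify_password("correct horse battery", record),
        "wrong": verify_password("wrong password", record),
        "garbage": verify_password("anything", "not-a-valid-record"),
    }


if __name__ == "__main__":
    print(demo())
```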