
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 242

PHP Cookie Session Implementation

I'm somewhat of a beginner to PHP. I've used ColdFusion, on the other hand, quite a bit. I have a client that wants to be able to check his financial records, such as credit cards. An excerpt from their proposal:

"Our family needs a way to access vital financial information online quickly online anywhere in the world.
We travel a lot because we are a military family. We need access from PDAs, cell phones, and laptops.
This project will continue with many phases.
We eventually want to be able to use this site to automate as many functions as daily financial activities as
possible such as sending automated event notifications, store contacts, send reminder emails, and more.
In phase one, we want to start small with a few tables, text based pages, basic functions and alike.
During this phase we want to focus on the ability to synchronize, enter, manage, and access our basic home
bills, credit cards and bank accounts online. We also want to be able to enter, view, search, print, and delete
each of these records."

He wants to be able to check these records from cell phone, PDA, laptop, etc. He has stated that he would like to be able to click a checkbox so that he can just stay logged in and not be bothered with signing in again. Is there anyone who could point me in the right direction?
1 Solution
Richard Quadling, Senior Software Developer, Commented:
I have to ask how on earth are you going to provide a secure service without the need to login each session?

Think about this.

They lose their phone. Someone finds the phone. They turn it on. See it has a browser and probably a browser history/shortcuts.

Sees something like "Home banking and credit cards".

Selects the page and they are in.

No security.

If you have been asked to supply this sort of system, GET IT IN WRITING THAT THEY UNDERSTAND THE SECURITY CONCERNS THAT YOU HAVE.

Explain to them why we have user ids and passwords.

Explain that you, as the expert in this field, strongly recommend AGAINST having a system with no security.

If they STILL want to go ahead, then get them to sign it and have it witnessed.

If you are in the US, I can be pretty sure that the first time they suspect something's gone wrong, they will be at your door with a solicitor or 2 saying that you didn't tell them that ANYONE could access their data.

In the big scheme of things, this is the sort of job I would walk away from if they said they still wanted no security.

HangingClowns (Author) Commented:
Thanks for the comment about what you thought. I've been told by others to back off of this project, and I thought that this one would be fine. But, since 3 out of 3 people so far say that I should back down, then maybe it's for the best.
