Hi,

What code (language), software, script, etc. would be the most secure method for website password protection with logout and session timer ?

Any suggestions would be appreciated.

As far as languages go take your pick. PHP is a common choice.

If you're looking for an existing script or CMS you'll also have plenty of options.

If you're more specific about what you are trying to do and what resources you have I or someone else can narrow it down a bit.

Thank you for responding.

I want to protect an application. I just don't want to put it "naked" on the web. I need a "lockbox". The application already has a PHP login system but I don't trust it and want it to be the secondary line of protection.

This is what I'm trying to do. I made a diagram because it is kind of confusing to explain. My diagram.

1. What is the most secure way (language, application) to make the big yellow locks?
2. Where is the most secure place to put the big yellow locks and the applications they protect (a separate folder, a different server)?

You can use a cookie code, everytime the user comes to the site, the cookie would be compared to the value stored in a database, on match site would load and a new cookie value would be stored and the value in the database updated. This of course would be backed up by conventional log-in.

Even if the user himself hacked his cookie and gave it away, he just gave away his access. Also the cookie could be matched to IP.

Hi,

I am going to switch between Perl and PHP with a timed cookie and use SSL for the PHP.

Thanks for the suggestions!