The code does 2 things:
1.) Check if $authhash is valid, by doing the same operation as done when creating the hash on line 20.
2.) Check the timestamp to see if the hash was created less than 50 minutes ago. This means that there is a 50 minute time out.

Can you explain me please, this instruction in your code above?

$logged_in = md5($username . $time . $secretword) === $authhash && $time >= time() – 3000;

Thanks in advance,
ccapela

I try to use the new version of teleport for my website but when I test, firebug give this error ‘jpf is not define’.

When I compare with my old version I can’t find the initialisation of jpf as Kernel (Kernel =)

Anyone could help me ?

CU

The exact same goes however for session ids. If you don’t like putting session ids in URLs, don’t put the hash in an URL but put it in a cookie instead.

You can use it if your site is so popular that it needs multiple webservers with load balancing. The session data should be known on each of the servers.

I don’t see any security advantages. If someone has access to read the session file, he can probably also the configuration file of your webapp with the mysql password. If you have users other than you on the system and worry they might fish a session file out of /tmp, you can create a /session dir and make it only readable for www-data.