On this post here: http://www.scriptcase.net/forum/forum/main-category/main-forum/78790-login-form-issue

You mention to always set global variables to ‘session’, does this go for the app_Login form also? Do you still use ‘post’ and ‘get’? Sorry for the newb questions, but I’m just learning my way around scriptcase.

Thank you.

Shawn

Actually I would recommend doing that. What you must prevent at all times is that your data is being transfered over the $post and $get and could be tampered by a hacker. You can use $post and $get, but you must always be aware of the possible consequences. Writing api’s simply cannot be done without (but they don’t use sessions).