Jump to content

perky416

Members
  • Content Count

    177
  • Joined

  • Last visited

Community Reputation

0 Neutral

About perky416

  • Rank
    Advanced Member
  • Birthday 02/14/1988

Profile Information

  • Gender
    Male
  • Location
    West Midlands
  1. Mistake? What if I am interested in all of them? Mistake? Sounds more like advice to me. Mistake? Nope...more advice. Mistake? Again....advice. Like I said...not finished. How do you know im not going to resolve the security problems? How do you know I didn't throw together the code for test purposes? You know absolutely nothing about what I am doing with my application. All you know is I had an issue with what I was trying to achieve with the sessions. The rest of the code is irrelevant for the sake of this thread. You gave me some "advice" about coding
  2. What mistakes are you referring to? Your post seems more like advice rather than actually pointing out errors in the code? The script is still in development...it is no where near finished yet...the question in point was about session security...this is why i left out the irrelevant code in the first post.
  3. This is the code that echos the $_SESSION['username'] without the session_set_cookie_params and session_regenerate_id, but with these lines added it keeps re-directing me to my home page. Remove the re-direct and it still takes me to the members area but does not echo anything: session_set_cookie_params(time()+3600,'/','example.com',false,true); session_start(); session_regenerate_id(true); include('connect.php'); $error = array(); //validate login form if ($_POST['submit']){ !$_POST['username'] ? $error['error'] = "<div class='error'>Enter a username & password!</div>" :
  4. I tried several things. Initially i had my script set up to redirect me to the home page if a user tries to access the members area without logging in. As soon as i added session_set_cookie_params and session_regenerate_id the script it was continually returning me to the home page. I then removed the redirect and echoed $_SESSION['username'] whiched displayed the value ok but stopped displaying it with session_set_cookie_params and session_regenerate_id. Thinking it may be some conflict with the login form i created a $_SESSION['test'] as soon as the page loads and again this displayed the va
  5. The $_POST['username']; is the username input from the login form and $error is defined in the error handling for the form. I didnt include them because that part of the code works fine.
  6. Hi Guys, I have a simple user login form that creates a session. It works perfectly however I am trying to make the session more secure by using session_set_cookie_params and session_regenerate_id. The code I am using is as follows: session_set_cookie_params(time()+3600,'/','example.com',false,true); session_start(); session_regenerate_id(true); if ($_POST['submit']){ //form validation and error handling go here but removed for the purpose of this post if (empty($error)){ $_SESSION['username'] = $_POST['username']; echo "<script type='text/javascript'>document.locatio
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.