
how to secure my websites properly

I wanted to ask how I should protect my scripts to prevent hacking of sessions and cookies - and no, I'm not talking about the actual insert queries that require addslashes and so on.

In my cookies I usually just include my password (encrypted) and my UserID - check them with a simple MySQL query.
The sessions usually just approve that the user has logged in properly and therefore have only one variable, named e.g. "has_logged_in".

Are there any common mistakes that I should look over?
Another thing is, how should I use the session.id in order to check for approved login?

Thanks, Ben.

I always check the input username and password against md5 hashed username & password in the database.

If they match, set $_SESSION['username'] to the name the user input into the form by using $_SESSION['username'] = $_POST['username'].

Then, I add the following to each page which requires protection.

// Array keys are quoted; exit stops the protected content below from being sent
if (empty($_SESSION['username'])) { echo "You need to login to access this page"; exit; }
// Rest of the page content here

I do the same things. I wanted to know if there are any other security holes that may appear (maybe there is some way to create sessions, dunno), and if there are, I should start using session IDs in order to verify the user's connection.
About cookies, well it's actually the same because I only create the cookie and do the verification once (and then I just continue using sessions).
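
A hardened form of the login-and-guard pattern discussed in this thread, as an added example that is not code from any of the posters: the cookie carries only a random session ID, the ID is regenerated at login, and the page guard stops execution. The function names and the in-memory `$users` array are hypothetical and constructed for illustration; it assumes PHP 7.3+ and a site served over HTTPS.

```php
<?php
// Added example; attempt_login(), require_login() and $users are hypothetical names.
// Constructed sample user store; a real site would query its users table.
$users = ['ben' => ['id' => 7, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];

function start_secure_session(): void {
    // The cookie holds only a random session ID (no password, no user ID):
    // not readable by script, sent over HTTPS only, withheld on cross-site requests.
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/', 'secure' => true,
        'httponly' => true, 'samesite' => 'Lax',
    ]);
    ini_set('session.use_strict_mode', '1'); // reject session IDs the server did not issue
    session_start();
}

function attempt_login(array $users, string $name, string $password): bool {
    $user = $users[$name] ?? null;
    // password_verify() checks a salted, slow hash rather than a bare md5() compare.
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true);          // fresh ID at login defeats session fixation
    $_SESSION['user_id'] = $user['id'];   // value comes from the server's record, not $_POST
    return true;
}

function require_login(): int {
    if (empty($_SESSION['user_id'])) {
        http_response_code(403);
        exit('You need to login to access this page'); // stop before protected content
    }
    return (int) $_SESSION['user_id'];
}

start_secure_session();
$name = $_POST['username'] ?? '';
$pass = $_POST['password'] ?? '';
if (is_string($name) && is_string($pass) && attempt_login($users, $name, $pass)) {
    echo 'Logged in as user ', require_login();
} else {
    echo 'Login failed';
}
```

Protected pages call `start_secure_session()` and then `require_login()` before producing any output.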
