session security stuff

jk11uk · May 9, 2008

my login page regenerates the session id then sets $_SESSION[user] = (the username logged in with)

this $_SESSION[user] is then used to get info on loads of different pages. would a hacker just easily be able to make a session and set their username to whatever they wanted? ofr is this seccure?

Xurion · May 9, 2008

No, that's a safe way to do it.

Xurion · May 9, 2008

Also, correct syntax would be:

$_SESSION['user']

conker87 · May 9, 2008

Also, correct syntax would be:

$_SESSION['user']

Not really.

echo "$_SESSION[user]";

works, while

echo "$_SESSION['user']";

wouldn't.

jk11uk · May 9, 2008

thanks a lot everyone

mlin · May 9, 2008

Not really.

echo "$_SESSION[user]";

works, while

echo "$_SESSION['user']";

wouldn't.

I believe you that it somehow works in your application, but he's right about the syntax. If the key is anything other than a numerical index, the key String should be quoted as such. To echo in quotes without concatenating, or saving the session var into a simpler var like $user = $_SESSION['user'], then echoing, you can use this syntax (I forget the name):

echo "{$_SESSION['user']}";

works for all arrays such as:

echo "favorite browser is {$browsers['favorite']}, while the worst is {$browsers['worst']}";

PFMaBiSmAd · May 9, 2008

The curly bracket {} method is recommend so that you can use the same syntax for variables inside of double-quoted strings that you use for variables not in strings.

Sign In

session security stuff

Recommended Posts

jk11uk

Link to comment

Share on other sites

Xurion

Link to comment

Share on other sites

Xurion

Link to comment

Share on other sites

conker87

Link to comment

Share on other sites

jk11uk

Link to comment

Share on other sites

mlin

Link to comment

Share on other sites

PFMaBiSmAd

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information