jk11uk Posted May 9, 2008

My login page regenerates the session id then sets $_SESSION[user] = (the username logged in with).

This $_SESSION[user] is then used to get info on loads of different pages. Would a hacker just easily be able to make a session and set their username to whatever they wanted? Or is this secure?

Xurion Posted May 9, 2008

No, that's a safe way to do it.

Xurion Posted May 9, 2008

Also, correct syntax would be: $_SESSION['user']

conker87 Posted May 9, 2008

> Also, correct syntax would be: $_SESSION['user']

Not really. echo "$_SESSION[user]"; works, while echo "$_SESSION['user']"; wouldn't.

jk11uk (Author) Posted May 9, 2008

Thanks a lot everyone.

mlin Posted May 9, 2008

> Not really. echo "$_SESSION[user]"; works, while echo "$_SESSION['user']"; wouldn't.

I believe you that it somehow works in your application, but he's right about the syntax. If the key is anything other than a numerical index, the key String should be quoted as such. To echo in quotes without concatenating, or saving the session var into a simpler var like $user = $_SESSION['user'], then echoing, you can use this syntax (I forget the name):

echo "{$_SESSION['user']}";

works for all arrays such as:

echo "favorite browser is {$browsers['favorite']}, while the worst is {$browsers['worst']}";

PFMaBiSmAd Posted May 9, 2008

The curly bracket {} method is recommended so that you can use the same syntax for variables inside of double-quoted strings that you use for variables not in strings.

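An added example (not code from any poster in this thread) of the login flow described in the first post combined with the curly-brace syntax recommended in the last posts: the session ID is regenerated on a successful login, $_SESSION['user'] is written only by server code, and the value is escaped before output. The account, password, and function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample account; a real site would look this up in its user store.
function demo_users(): array
{
    return ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
}

// Binds the username to a fresh session ID only after the password checks out.
function login(string $username, string $password): bool
{
    $users = demo_users();
    if (!isset($users[$username]) || !password_verify($password, $users[$username])) {
        return false; // nothing is written to the session on failure
    }
    // Issue a new ID and delete the old session data, so an ID that was
    // known or planted before login is useless afterwards.
    session_regenerate_id(true);
    // Session data lives on the server; the browser only holds the ID cookie,
    // so a visitor cannot set this value directly.
    $_SESSION['user'] = $username;
    return true;
}

// Curly-brace interpolation with a quoted key, escaped for HTML output.
function greeting(): string
{
    if (!isset($_SESSION['user'])) {
        return 'Not logged in';
    }
    $view = ['user' => htmlspecialchars((string) $_SESSION['user'], ENT_QUOTES, 'UTF-8')];
    return "Logged in as {$view['user']}";
}

// Command-line demo with constructed credentials (a page would read $_POST).
if (PHP_SAPI === 'cli') {
    session_start();                      // must run before any output
    $idBefore = session_id();
    $rejected = login('alice', 'wrong');  // false, session untouched
    $accepted = login('alice', 'correct horse');
    $changed  = $idBefore !== session_id();
    echo greeting(), "\n";
    echo 'wrong password accepted: ', var_export($rejected, true), "\n";
    echo 'session ID changed at login: ', var_export($accepted && $changed, true), "\n";
}
```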