everurssantosh Posted September 20, 2008 Share Posted September 20, 2008 Hi, I am working for a website where I am managing the security in session. After loggin in i store a unique number in session with user id. On surfing each page, i am checking the session and approving user authentication. But in IE7, if the user opens one mroe tab in the same IE and works, the session is shared and every thing gets meshed up. I want to change the type of authentication and make the application more secured. I also want to make sure that if user presses F5 or refresh the page, the session will expire and user will get logged off. please help me achieve this. Any guidance on authenticating the user and maintaining the same thru out the session without using session varriables wil be a great help thanks santosh Quote Link to comment https://forums.phpfreaks.com/topic/125090-php-security/ Share on other sites More sharing options...
everurssantosh Posted September 21, 2008 Author Share Posted September 21, 2008 Can ANyBody HELP ~!!!! Quote Link to comment https://forums.phpfreaks.com/topic/125090-php-security/#findComment-646829 Share on other sites More sharing options...
redarrow Posted September 21, 2008 Share Posted September 21, 2008 your need javascript..... php has no user browser controll.............. Quote Link to comment https://forums.phpfreaks.com/topic/125090-php-security/#findComment-646831 Share on other sites More sharing options...
chronister Posted September 21, 2008 Share Posted September 21, 2008 as far as the f5 thing, I am not sure how to go about detecting that except for javascript. But you cannot rely on JavaScript for anything security related as about 4 clicks in Firefox renders it useless. But if you want to really control user sessions, store the session in a database and use that for your session control. Each page that is visited could be referenced in the db and you could store other information with it to determine where a user is and how long they have been there and such. I am not sure on the details of how that would work as I have never done it. One problem I can see is the fact that each page only takes a couple seconds to load. I could open page 1 in one tab and page 2 in another, then refresh page 1 and page 2's database session data has no clue regarding the fact that it has been left. Thats all I got on that one. Nate Quote Link to comment https://forums.phpfreaks.com/topic/125090-php-security/#findComment-646900 Share on other sites More sharing options...
Adam Posted September 21, 2008 Share Posted September 21, 2008 As chronsiter says, can't really detect refresh with PHP... But why would you want to log them off if they refreshed?? It would get really annoying if every time I refreshed the page I was logged out... I'd reccomend database sessions aswell, sounds like you want it closely montiored and secure so they're your best bet! Adam Quote Link to comment https://forums.phpfreaks.com/topic/125090-php-security/#findComment-646942 Share on other sites More sharing options...
rarebit Posted September 21, 2008 Share Posted September 21, 2008 I agree with MrAdam, but you can tell if a page was refreshed (could be due to other reasons also). You need to look at $_SERVER['HTTP_REFERER'] to see if it's basically the same as the current request. Quote Link to comment https://forums.phpfreaks.com/topic/125090-php-security/#findComment-646951 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.