xtopolis Posted October 19, 2008 Share Posted October 19, 2008 I have a basic login system that uses sessions to pass errors back and forth while trying to login. index.php[form]->login.php[process] ->(main.php[sucess] / back to index.php[fail]) Where index.php checks for an error message in the session. So, the user has a session from the get go in order to check for errors. Also, I am using a database to handle sessions (if of any importance). Question: I was told that it's not a good idea to give a user a session until they have successfully authenticated, to prevent session hijacking. Is this good advice? If so, what would be my alternative for passing error messages? (would a page/flow redesign be in order so that index posts to itself?) Link to comment https://forums.phpfreaks.com/topic/129026-sessions-for-errors-auth/ Share on other sites More sharing options...
redarrow Posted October 19, 2008 Share Posted October 19, 2008 if you name the sessions correctly and unique then there no problam...... if u want to hide all the url use mod_rewrite........ Link to comment https://forums.phpfreaks.com/topic/129026-sessions-for-errors-auth/#findComment-668886 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.