xtopolis Posted October 19, 2008 Share Posted October 19, 2008 I have a basic login system that uses sessions to pass errors back and forth while trying to login. index.php[form]->login.php[process] ->(main.php[sucess] / back to index.php[fail]) Where index.php checks for an error message in the session. So, the user has a session from the get go in order to check for errors. Also, I am using a database to handle sessions (if of any importance). Question: I was told that it's not a good idea to give a user a session until they have successfully authenticated, to prevent session hijacking. Is this good advice? If so, what would be my alternative for passing error messages? (would a page/flow redesign be in order so that index posts to itself?) Quote Link to comment Share on other sites More sharing options...
redarrow Posted October 19, 2008 Share Posted October 19, 2008 if you name the sessions correctly and unique then there no problam...... if u want to hide all the url use mod_rewrite........ Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.