Jump to content

sessions: for errors/ auth


xtopolis

Recommended Posts

I have a basic login system that uses sessions to pass errors back and forth while trying to login.

 

index.php[form]->login.php[process] ->(main.php[sucess] / back to index.php[fail])

Where index.php checks for an error message in the session.

 

So, the user has a session from the get go in order to check for errors.  Also, I am using a database to handle sessions (if of any importance).

 

Question:

I was told that it's not a good idea to give a user a session until they have successfully authenticated, to prevent session hijacking.  Is this good advice?  If so, what would be my alternative for passing error messages? (would a page/flow redesign be in order so that index posts to itself?)

Link to comment
https://forums.phpfreaks.com/topic/129026-sessions-for-errors-auth/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.