
Hi,

I've been searching on Google for how to implement sessions for user authentication. I've seen two methods.

Note: I know a bit about how sessions work, but I do wonder this:

One type of example shows using sessions to store both the username and the user's password. Each time a secure page is requested, it then takes those session variables and checks the database to see if it's a valid combo, each and every time. This seems a bit insecure to me in that you are storing the user's password on the server...right? Also, it's accessing the database needlessly...right?

The other type, and the one that makes sense to me, is that the username and password are checked against the database ONCE and, if found to be valid, a session variable is set to indicate that...for example $_SESSION["access"] = "granted"; and then that session variable is checked on every secure page. Thus the database is only accessed once.

Is one method better than the other? If so, why?

Thanks!

  • 2 weeks later...

But so long as you do not bare the session variable to the user, then the session variables should be safe. But if you are on a shared host, then you need to store your sessions in a secure folder, or in the database, which will result in a high number of inquiries. To prevent hijacking you will need to use extra means of user validation, like using a coded cookie or two and user browser integrity.
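
The second method from the question, combined with the reply's hijacking advice, as an added example that is not part of either post. The function names, the `$users` array standing in for the database, and the reading of "browser integrity" as a User-Agent hash are assumptions; `cookie_secure` assumes the site is served over HTTPS.

```php
<?php
// Added example, not code from the thread. $users is constructed sample data
// standing in for the database lookup.
$users = ['alice' => ['id' => 1, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];

function client_fingerprint(): string {
    // Assumed "browser integrity" check: a hash of the User-Agent header.
    return hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
}

function login(array $users, string $name, string $password): bool {
    $user = $users[$name] ?? null;
    // The password is checked once, here, and is never written to the session.
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true);   // fresh session ID after login, old one discarded
    $_SESSION['user_id'] = $user['id'];
    $_SESSION['fingerprint'] = client_fingerprint();
    return true;
}

function require_login(): int {
    // Called at the top of every secure page; no database access is needed.
    $ok = isset($_SESSION['user_id'], $_SESSION['fingerprint'])
        && hash_equals($_SESSION['fingerprint'], client_fingerprint());
    if (!$ok) {
        $_SESSION = [];
        session_destroy();
        http_response_code(403);
        exit('Access denied');
    }
    return $_SESSION['user_id'];
}

session_start([
    'cookie_httponly' => true,   // session cookie not readable from JavaScript
    'cookie_secure'   => true,   // only sent over HTTPS
    'cookie_samesite' => 'Lax',
    'use_strict_mode' => true,   // reject session IDs the server did not issue
]);

// Login page:  login($users, $_POST['username'] ?? '', $_POST['password'] ?? '');
// Secure page: $userId = require_login();
```

The session holds only the user ID and the fingerprint, so a leaked session file on a shared host does not expose the password.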
