Danny620 Posted August 15, 2009

Would it be safe to store a SHA-1 password in a session? Would it be hackable, and even if they did hack it, would they be able to decrypt it and use it to log in?

wildteen88 Posted August 15, 2009

No one can read the contents of a session. All session data is stored on the server. Why are you saving the password in the session?

Danny620 Posted August 15, 2009

Because I want to check the username and the password to make sure it's them, not just check one.

PFMaBiSmAd Posted August 15, 2009

I've got to ask the same thing. Why store the password (or a hashed version of it) in a session?

The only time you care what a password is, is when a visitor enters it in order to authenticate who they are. Once you match the password (or a hashed version of it) with what has been previously stored on the server (in a database or flat-file), you store a value in a session that says the current visitor is authenticated (usually a session variable that holds their username). You don't deal with the password again unless you need the visitor to re-authenticate who they are again.

wildteen88 Posted August 15, 2009

You would only check the username/password when they log in, not for every page they view. Instead, when they log in successfully, define a new session variable called is_logged_in and set it to true. Now on every page that requires the user to be logged in, have the following at the top of the page.

<?php
session_start();

// check if they are logged in
if(!isset($_SESSION['is_logged_in']) || isset($_SESSION['is_logged_in']) && $_SESSION['is_logged_in'] != true)
{
    header('Location: login.php');
    exit;
}

// code for page here

When they log out, destroy the session or unset the is_logged_in session variable.

Danny620 Posted August 15, 2009

Does this have to be set on logging in: $_SESSION['is_logged_in']? Like when a user logs in I set it, then

if(!isset($_SESSION['is_logged_in']) || isset($_SESSION['is_logged_in']) && $_SESSION['is_logged_in'] != true)
{
    header('Location: login.php');
    exit;
}

wildteen88 Posted August 15, 2009

Please reply to this thread. No need to start a new thread.

Danny620 Posted August 15, 2009

Sorry, but I don't understand. Do I have to set this var?

wildteen88 Posted August 15, 2009

> sorry but i dont understand do i have to set this var

Yes, you need to set this variable when they successfully log in, e.g.

$_SESSION['is_logged_in'] = true;

Please, if you have any more questions, continue in your previous thread.

Daniel0 Posted August 16, 2009

I've merged the two topics.

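The flow described in the replies above, as an added example that is not code from the thread: credentials are checked once at login, and only a logged-in flag and the username go into the session, never the password or its hash. The `$users` array, the function names and the use of `password_hash`/`password_verify` (in place of the SHA-1 hash from the question) are assumptions; regenerating the session ID at login goes beyond what the thread covers.

```php
<?php
// Added example, not code from the thread.
// $users is a constructed stand-in for the database or flat file the posters mention.
$users = ['danny' => password_hash('correct horse', PASSWORD_DEFAULT)];

// Check the credentials once, at login. Only the outcome is stored in the session.
function login(array $users, string $username, string $password): bool
{
    $hash = $users[$username] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;                    // failed login: session is left untouched
    }
    session_regenerate_id(true);         // fresh session ID for the authenticated session
    $_SESSION['is_logged_in'] = true;    // the flag every protected page checks
    $_SESSION['username'] = $username;   // identifies the visitor; no password or hash
    return true;
}

function is_logged_in(): bool
{
    return isset($_SESSION['is_logged_in']) && $_SESSION['is_logged_in'] === true;
}

// Call at the top of every page that requires a logged-in user.
function require_login(): void
{
    if (!is_logged_in()) {
        header('Location: login.php');
        exit;
    }
}

// Logout: clear the flag and destroy the server-side session data.
function logout(): void
{
    $_SESSION = [];
    session_destroy();
}

// Constructed walk-through: results are collected and printed at the end so that
// no output is sent before the session functions run.
session_start();
$steps = [];
$steps['wrong password accepted'] = login($users, 'danny', 'wrong');
$steps['logged in after failure'] = is_logged_in();
$steps['right password accepted'] = login($users, 'danny', 'correct horse');
$steps['session keys after login'] = array_keys($_SESSION);
logout();
$steps['logged in after logout'] = is_logged_in();
print_r($steps);
```
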
Archived
This topic is now archived and is closed to further replies.