
robcrozier

secure sessions ???


OK,

I'm trying to create a secure logon script that creates a session variable for the user so that they can access the secure pages.  However, at present I have created a session variable containing the user's 'username', which is pulled from the database when it has been confirmed that they are registered.  This works fine ... though I have my reservations about security.

Surely as it stands it would be pretty feasible for someone to obtain this session variable and access the secured pages.  I have been told that it is a good idea to keep changing the session variable as the user navigates to different pages.  Is this good advice?  And in order to do this, would I have to register some sort of session key (like a string of digits or something, e.g.  jhdgfhjg55jg5j353543879gg)???  This could then be changed when the user navigates to another page and would also be harder to obtain by a third party.

Any advice would be appreciated, Cheers!

I think you should use cookies instead since they are stored on the client's computer and not the server computer (like I think sessions are). You should use an encrypted line (SSL). You should store a session_id as the ONLY cookie on the, the session id should be something random like: [code]uniqid(md5(microtime()));[/code]
Store the session id in a database along with other information. Check if the session id is set and then get the rest of the data from the database.

I believe that is more secure.
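
Added example, not part of either post: one way to handle the points raised in this thread (changing the session identifier, keeping the username server-side, sending the cookie only over SSL) with PHP's built-in session functions, assuming PHP 7.3 or later. The names `login_user`, `current_user`, `new_session_token` and the `ROTATE_AFTER` value are hypothetical, and the token helper uses `random_bytes` rather than the `uniqid` call in the reply.

```php
<?php
declare(strict_types=1);

// Assumption: the site is served over HTTPS, as the reply recommends.
session_set_cookie_params([
    'lifetime' => 0,       // cookie is dropped when the browser closes
    'path'     => '/',
    'secure'   => true,    // only sent over SSL/TLS
    'httponly' => true,    // not readable from page JavaScript
    'samesite' => 'Lax',
]);
ini_set('session.use_strict_mode', '1'); // reject ids the server did not issue
session_start();

const ROTATE_AFTER = 300; // seconds between id changes (constructed value)

/** Call once the username/password check against the database has passed. */
function login_user(string $username): void
{
    session_regenerate_id(true);            // new id; the pre-login session is deleted
    $_SESSION['username']   = $username;    // stored on the server, never in the cookie
    $_SESSION['rotated_at'] = time();
}

/** Call at the top of every secured page. Returns the username, or null. */
function current_user(): ?string
{
    if (!isset($_SESSION['username'], $_SESSION['rotated_at'])) {
        return null;                        // not logged in
    }
    // Change the id periodically rather than on every page: rotating on each
    // request can log out users whose browser sends requests in parallel.
    if (time() - $_SESSION['rotated_at'] > ROTATE_AFTER) {
        session_regenerate_id(true);
        $_SESSION['rotated_at'] = time();
    }
    return $_SESSION['username'];
}

/** For a database-backed token as the reply suggests: 64 hex chars from the OS CSPRNG. */
function new_session_token(): string
{
    return bin2hex(random_bytes(32));
}
```

Only the session id travels in the cookie; the browser never holds the username, and an id captured before login stops working once `login_user()` has run.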
