mooseychops Posted June 28, 2012 Share Posted June 28, 2012 Hi Guys, Having a bit of a security problem with my login page which is driving me nuts. It looks like that users can bypass my login page and access other pages by simply navigating to them or keeping the url in thier favourites..!! what is the best way to tackle this problem? I have had a quick look and saw that there might be a way to do something with cookies to assign a cookie ID to each user who logs in to the system.. any ideas or hints towards putting me on the right track would be very much appreciated. thanks! Quote Link to comment Share on other sites More sharing options...
redarrow Posted June 28, 2012 Share Posted June 28, 2012 use a database, then secure there info , then pull it out for security checks then let them in,also add a capture code to prevent database injections Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 28, 2012 Share Posted June 28, 2012 Each protected page must have php code on it to check if the current visitor can access that page. How does your login code 'remember' who the current visitor is after he/she has authenticated themselves and what's your code on each page to check and limit access to protected pages? Quote Link to comment Share on other sites More sharing options...
xyph Posted June 28, 2012 Share Posted June 28, 2012 PHP sessions are probably the easiest solution, assuming you apply PFMaBiSmAd's advice above. Quote Link to comment Share on other sites More sharing options...
SalientAnimal Posted June 29, 2012 Share Posted June 29, 2012 You could also set a session duration which would terminate their current session if they are inactive for a given period of time. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.