Jump to content

Validating sessions


fizix

Recommended Posts

First of all: Hi everybody!

Second: This may be a loaded question BUT, what is the best way to validate that a user is logged in? I'm using:

[code]session_start();
$_session['username'] = "$username";
$_session['ip'] = $_SERVER['REMOTE_ADDR']; [/code]

to start a session. However, how do I verify on future pages that they've logged in and have a valid session?
Link to comment
https://forums.phpfreaks.com/topic/30673-validating-sessions/
Share on other sites

Depends on the circumstances. You could simply create a session variable called $_SESSION['loggedin'] and set to 1 when they go through the log in script. Or, if security is an issue you may need to store the username and hashed password or a temporary key to validate on every page.
Link to comment
https://forums.phpfreaks.com/topic/30673-validating-sessions/#findComment-141331
Share on other sites

[quote author=mjdamato link=topic=118641.msg485009#msg485009 date=1166123941]
Depends on the circumstances. You could simply create a session variable called $_SESSION['loggedin'] and set to 1 when they go through the log in script. Or, if security is an issue you may need to store the username and hashed password or a temporary key to validate on every page.
[/quote]

Am I right that anybody could put loggedin=1 in their cookie if they wanted? Is there a way to validate using their session ID?
Link to comment
https://forums.phpfreaks.com/topic/30673-validating-sessions/#findComment-141334
Share on other sites

[quote author=fizix link=topic=118641.msg485012#msg485012 date=1166124309]
Am I right that anybody could put loggedin=1 in their cookie if they wanted? Is there a way to validate using their session ID?
[/quote]

Um, did you even bother reading the 2nd part of my post? " if security is an issue you may need to store the username and hashed password or a temporary key to validate on every page".

The basic idea is to store all the temporary data in a table in the database that is tied to a unique session identifier you assign to a user when they log in. And you make that identifier time sensitive.
Link to comment
https://forums.phpfreaks.com/topic/30673-validating-sessions/#findComment-141349
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.