Eiolon Posted May 4, 2007

I created a login script that uses sessions but I am wondering if I am using the right approach. Right now, if a session is valid, the user can see the secured page. If not, they are redirected to the login page.

This is the code for the secured page.

```php
<?php # main.php

// Start the session.
session_start();

// Check for the session value.
if (isset($_SESSION['username'])) {
    // Escape the stored value before writing it into HTML.
    echo '<p>Welcome back, ' . htmlspecialchars($_SESSION['username']) . '.</p>';
} else {
    // Quit the script and redirect to login page.
    // rtrim() plus an explicit "/" keeps the path valid when main.php sits in a subdirectory.
    header("Location: http://" . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . "/login.php");
    exit();
}
?>
```

So as you can see, the session is the user's username. That works for what it does, but let's say I want to pull more data from the user over to this page, such as their permissions, personal info, etc. Should I be passing that info through as sessions? Or how about, instead of the username, should I be passing the user's id through, then on the secured page query for data based on the user id?

Thanks for your help and I hope I could explain it clearly for you to understand.

taith Posted May 4, 2007

yes, in the long run... userids are by FAR more useful than usernames... then you can access user info wherever you want...

however.... what i do, is on login, i put all the user info into a session

ex... `$_SESSION['userinfo'] = $row;`... that way if you want the username... you just `$_SESSION['userinfo']['username'];` or the id `$_SESSION['userinfo']['id'];`

Norin Posted May 4, 2007

I'm also using an array for my session, wonder if the ID would give better performance ???

Rottingham Posted May 4, 2007

> yes, in the long run... userids are by FAR more useful than usernames... then you can access user info wherever you want...
>
> however.... what i do, is on login, i put all the user info into a session
>
> ex... `$_SESSION['userinfo'] = $row;`... that way if you want the username... you just `$_SESSION['userinfo']['username'];` or the id `$_SESSION['userinfo']['id'];`

If this method is pulling from the database, I would not recommend using this example, as you more than likely have `$_SESSION["userinfo"]["password"]` available as well, which creates a serious security leak. If that is not a concern of yours, then continue.

Storing the ID value is much nicer. When I check for log in I use

```php
// The post's Goto() helper is not shown; a plain redirect stands in for it here.
if (!isset($_SESSION["UserID"])) {
    header("Location: login.php");
    exit();
}
```

taith Posted May 5, 2007

well... on login... just `unset($_SESSION['userinfo']['password']);`... but if you use your own encrypter, even having the password would be completely useless to anyone...