Sessions


Eiolon

I created a login script that uses sessions but I am wondering if I am using the right approach.

 

Right now, if a session is valid, the user can see the secured page.  If not they are redirected to the login page.

 

This is the code for the secured page.

 

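<?php # main.php

// Start the session.
session_start();

// Check for the session value.
if (isset($_SESSION['username'])) {
    // Escape the stored value before writing it into HTML.
    echo '<p>Welcome back, ' . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8') . '.</p>';
} else {
    // Redirect to the login page in the same directory and quit the script.
    // Note: HTTP_HOST is taken from the request's Host header.
    header("Location: http://" . $_SERVER['HTTP_HOST'] .
        rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . "/login.php");
    exit();
}
?>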

 

So as you can see, the session is the user's username.

 

That works for what it does, but let's say I want to pull more data from the user over to this page, such as their permissions, personal info, etc.  Should I be passing that info through as sessions?  Or how about, instead of the username, should I be passing the user's id through, then on the secured page query for data based on the user id?

 

Thanks for your help and I hope I could explain it clearly for you to understand.

 


yes, in the long run... userid's are by FAR more useful than usernames... then you can access user info wherever you want... however.... what i do, is on login, i put all the user info into a session ex... $_SESSION['userinfo']=$row;... that way if you want the username... you just $_SESSION['userinfo']['username']; or the id $_SESSION['userinfo']['id'];


 

If this method is pulling from the database, I would not recommend using this example, as you more than likely have $_SESSION["userinfo"]["password"] available as well, which creates a serious security leak.

 

If that is not a concern of yours, then continue. Storing the ID value is much nicer. When I check for log in I use

 

if (!isset($_SESSION["UserID"])) {
    // Not logged in: redirect to the login page and stop the script.
    header("Location: login.php");
    exit();
}

 

 

