JJohnsenDK Posted July 13, 2007 Share Posted July 13, 2007 Hey Im trying to make my own login script, which works, but im afarid that the security is at the lowest. When a user logs in a store the user_id in $_SESSION['user'], then i use that session variable to see if the user have logged on. For example if(isset($_SESSION['user'])){ echo "Welcome"; } To me it seems that this is to simple to be secure. What do you guys thing? Link to comment https://forums.phpfreaks.com/topic/59770-is-it-secure-to-use-_session-in-a-login-script/ Share on other sites More sharing options...
mihail Posted July 13, 2007 Share Posted July 13, 2007 Security is a complex issue. http://shiflett.org might be of interest. Link to comment https://forums.phpfreaks.com/topic/59770-is-it-secure-to-use-_session-in-a-login-script/#findComment-297127 Share on other sites More sharing options...
gerkintrigg Posted July 13, 2007 Share Posted July 13, 2007 that's pretty much what i do. if it's just a membership system for a site, you should be fine with that. if there's money involved, you'll want a secure server. You might want to think about htaccess... but read that article above. You can never be too careful, but like Einstein said: "everything should be made as simple as possible - but no simpler". Link to comment https://forums.phpfreaks.com/topic/59770-is-it-secure-to-use-_session-in-a-login-script/#findComment-297129 Share on other sites More sharing options...
JJohnsenDK Posted July 13, 2007 Author Share Posted July 13, 2007 i will read the articles... thanks for helping out Link to comment https://forums.phpfreaks.com/topic/59770-is-it-secure-to-use-_session-in-a-login-script/#findComment-297134 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.