asmith Posted November 26, 2007 Share Posted November 26, 2007 when a user log in : before i show him his logged page $_SESSION[user] = "aaa"; and at all of user pages : if ($_SESSION[user] != "aaa") {header("location: login.php");exit;} 1.is this way enough secure ? i mean i have put a "aaa" variable , isn't that unsafe ? 2.beside how can i use a changable variable for defining users ? Link to comment https://forums.phpfreaks.com/topic/78910-solved-user-session-security/ Share on other sites More sharing options...
trq Posted November 26, 2007 Share Posted November 26, 2007 Usually easiest to use booleens. If user logged in successfully.... <?php session_start(); $_SESSION['user_logged_in'] = true; ?> Then a simple login check... <?php session_start(); if (isset($_SESSION['user_logged_in'])) { // user is logged in. } ?> Link to comment https://forums.phpfreaks.com/topic/78910-solved-user-session-security/#findComment-399353 Share on other sites More sharing options...
asmith Posted November 26, 2007 Author Share Posted November 26, 2007 it has nothing to do with safety or security or anything ? (as session is a server-side file , no need to worry about information in it ? ) Link to comment https://forums.phpfreaks.com/topic/78910-solved-user-session-security/#findComment-399356 Share on other sites More sharing options...
trq Posted November 26, 2007 Share Posted November 26, 2007 That is about as safe as sessions can be. Link to comment https://forums.phpfreaks.com/topic/78910-solved-user-session-security/#findComment-399357 Share on other sites More sharing options...
asmith Posted November 26, 2007 Author Share Posted November 26, 2007 got it ! thanks Link to comment https://forums.phpfreaks.com/topic/78910-solved-user-session-security/#findComment-399361 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.