dvdriper Posted February 19, 2008

Hi, I'm new to PHP... I have a question, it's not a complicated one I guess...

If I have a website, and on every page there is a condition... something like this:

    if (isset($_SESSION["nickname"]) and isset($_SESSION["pass"]))
    {
        echo "<html> ... the page.... ";
    }
    else
    {
        echo "access denied!";
        exit;
    }

I wonder, if someone on his computer makes a script like this:

    <?php
    session_start();
    $_SESSION['nickname'] = "whatever";
    $_SESSION['nickname'] = "whatever";
    ?>

and after that enters my site... will the script deny him? If not, please, what should I do to somehow protect my script...

I guess I need to ask the database on every page if there is such a session with "nickname" with such a "pass", yes?

Link to comment https://forums.phpfreaks.com/topic/91982-php-sessions-security-help/

revraz Posted February 19, 2008

They can't do it like that.

dvdriper (Author) Posted February 19, 2008

So, I'm well protected? I don't need to check if there is a username and a pass out there?

monkeypaw201 Posted February 19, 2008

Right... just a piece of advice: I wouldn't have passwords as session variables, especially if they aren't encrypted.

dvdriper (Author) Posted February 19, 2008

I used a variable, the nickname. I need more? Or it's enough?

This topic is now archived and is closed to further replies.
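
The point discussed in this thread, as an added example that is not part of any post above: PHP keeps `$_SESSION` data on the server and the visitor's browser holds only the session ID cookie, so the only way a value gets into the session is through code the site itself runs. The sketch below sets the session only after a verified login and stores a user ID instead of the password; `$USERS`, `login()` and `require_login()` are hypothetical names, and the account is constructed sample data standing in for a database table.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the users table (hypothetical data).
$USERS = [
    'alice' => ['id' => 1, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)],
];

// Called only by the login form handler: the server decides what enters $_SESSION.
function login(array $users, string $nickname, string $password): bool
{
    $user = $users[$nickname] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;                      // nothing is written to the session
    }
    session_regenerate_id(true);           // fresh ID after login (guards against session fixation)
    $_SESSION['user_id']  = $user['id'];   // store an identifier, never the password
    $_SESSION['nickname'] = $nickname;
    return true;
}

// Guard to call at the top of every protected page.
function require_login(): void
{
    if (!isset($_SESSION['user_id'])) {
        http_response_code(403);
        exit('access denied!');
    }
}

session_start();   // loads the server-side data for the ID in the visitor's cookie, if any

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    login($USERS, (string)($_POST['nickname'] ?? ''), (string)($_POST['pass'] ?? ''));
}

require_login();
echo 'Hello, ' . htmlspecialchars($_SESSION['nickname']);
```

A script that someone runs on their own machine writes to that machine's session store, which this site never reads, so `require_login()` still denies them until `login()` has succeeded here.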