PHP sessions security... help

dvdriper · February 19, 2008

hi, I'm new to php, ... have a question, it's not a complicated one I guess...

If I have a website, and on every page there is a condition... something like that:

if (isset($_SESSION["nickname"]) and isset($_SESSION["pass"])) {

echo "<html>

... the page....

";

} else {

echo "access denied!";

exit;

}

I wonder, if someone on his computer makes a script like this:

<?php

session_start();

$_SESSION['nickname'] = "whatever";

?>

and after that enteres my site...

the script will deny him?

if no, please, what should I make to somehow protect my script....

I guess i need on every page to ask the database if there is such a session with "nickname" with such a "pass", yes?

revraz · February 19, 2008

They can't do it like that.

dvdriper · February 19, 2008

so, I'm well protected? i don't need to check if there is a username and a pass out there ?

monkeypaw201 · February 19, 2008

right.. just a piece of advice... i wouldn't have passwords as session variables, especially if they aren't encrypted

dvdriper · February 19, 2008

i used a varible , the nickname, i need more? or it's enough?

Recommended Posts