Jump to content

Writing paranoia secure login class with option

redgorilla

By redgorilla
in PHP Coding Help

 Share

Recommended Posts

redgorilla Newbie

redgorilla

Posted
Posted
Hello. I have some experience in php and have just started writing of my own first medium sized script. I have used some ready classes but decided to make my own secure class and improve it later. So the most important part is security issue. I decided to make paranoiac class that will store unique created id in sessions, cookies and database both with user ip. So i think it will protect from stealing session and cookies. Is it paranoia or it will work?
Link to comment
Share on other sites
Buyocat Member

Buyocat

Posted
Posted
Red, could you be more clear? Do you mean that you want to store in a user session everyone's information? More likely, you mean you want to store everyone's information in a database and store a user's specific information in a session/cookie. But out of curiousity why do you want it to be "so secure"? I don't think adding more to a session will make things any more secure, and some things, such as IP address, will just make more trouble for yourself. Most likely, just the user id will be enough and you can query the database to confirm the user and his information at the beginning of each page if you are worried.
Link to comment
Share on other sites
redgorilla Newbie

redgorilla

Posted
  • Author
Posted
[!--quoteo(post=373080:date=May 10 2006, 11:29 PM:name=Buyocat)--][div class=\'quotetop\']QUOTE(Buyocat @ May 10 2006, 11:29 PM) [snapback]373080[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Red, could you be more clear? Do you mean that you want to store in a user session everyone's information? More likely, you mean you want to store everyone's information in a database and store a user's specific information in a session/cookie. But out of curiousity why do you want it to be "so secure"? I don't think adding more to a session will make things any more secure, and some things, such as IP address, will just make more trouble for yourself. Most likely, just the user id will be enough and you can query the database to confirm the user and his information at the beginning of each page if you are worried.
[/quote]

As i said it's paranoia :-). I just want to store unique code both in session and in cookies and compare it with value that stored in db. Or i should not use cookie at all for current use info?
Link to comment
Share on other sites
Buyocat Member

Buyocat

Posted
Posted
Just use a session (which at least from my experience seems to make a cookie along with it, though I think you can turn that off), and store the unique user id. That should be enough to identify users and mark them as in or out. If they somehow don't have their id on them you can shuttle them to a log in page with the header () function.
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.