I have a function described below;
Code: Select all
function validateUser()
{
session_regenerate_id ();
$_SESSION['validSession'] = 1;
$_SESSION['useridSession'] = $userid;
$_SESSION['usernameSession'] = $username;
}
Code: Select all
header('Location: nextpage.php');
Code: Select all
echo $_SESSION['validSession'];
echo $_SESSION['useridSession'];
echo $_SESSION['usernameSession'];
So, what I thought was that it must be the way I declare the variables $username and $userid but if I echo these on the page where the function is called they display correctly. Soooo... the only thing I can think could be wrong is;
Code: Select all
$_SESSION['useridSession'] = $userid;
$_SESSION['usernameSession'] = $username;
Also, are there some easy ways to make this more secure? It looks like the session can be hijacked relatively easily but other than regenerating the id I don't know what to do
Thanks