secure session authentication

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
User avatar
bazaarboy
Forum Newbie
Posts: 6
Joined: Sat Apr 12, 2008 11:34 am
Location: Norwich UK

secure session authentication

Post by bazaarboy »

I'm a keen php amateur, and was wondering what people like using for secure session design?
I run one website which requires a secure login, and works by starting a php session with each page, ie:

Code: Select all

include 'authenticate.php';
at the top of every page...

i'm interested in finding out any alternatives, or tips for best practices - any thoughts?
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Re: secure session authentication

Post by alex.barylski »

You haven't really explained or shown much about how authenticate.php actually works so it's hard to say.

If all it does is check a $_SESSION value like:

Code: Select all

if($_SESSION['authenticated'] == true)
That would probably suffice for most circumstances...so long as it's not possible to change that value through the web interface...which is where the security concerns come in.
Post Reply