
secure session authentication

Posted: Tue Aug 05, 2008 7:03 am
by bazaarboy
I'm a keen PHP amateur, and was wondering what people like using for secure session design?
I run one website which requires a secure login, and works by starting a PHP session with each page, i.e.:

Code:

include 'authenticate.php';
at the top of every page...

I'm interested in finding out any alternatives, or tips for best practices - any thoughts?

Re: secure session authentication

Posted: Tue Aug 05, 2008 9:27 am
by alex.barylski
You haven't really explained or shown much about how authenticate.php actually works so it's hard to say.

If all it does is check a $_SESSION value like:

Code:

if($_SESSION['authenticated'] == true)
That would probably suffice for most circumstances...so long as it's not possible to change that value through the web interface...which is where the security concerns come in.
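
One way an authenticate.php could implement the check discussed in this thread, as an added example that is not code from either poster. The function names, the /login.php path and the use of PHP 7.3+ (array form of session_set_cookie_params) are assumptions.

```php
<?php
// authenticate.php (added example; helper names and /login.php are hypothetical)
declare(strict_types=1);

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1'); // reject session IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // only sent over HTTPS
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// The flag is set in exactly one place, after a server-side credential check.
// It is never copied from $_GET, $_POST or $_COOKIE.
function log_in(string $password, string $storedHash): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);        // fresh ID on login, old session file deleted
    $_SESSION['authenticated'] = true;
    return true;
}

function is_authenticated(): bool
{
    // Strict comparison: only boolean true passes, not "1", "yes" or a non-empty array.
    return isset($_SESSION['authenticated']) && $_SESSION['authenticated'] === true;
}

function require_login(): void
{
    start_secure_session();
    if (!is_authenticated()) {
        header('Location: /login.php'); // assumed login page
        exit;                           // stop the protected page from rendering
    }
}
```

Each protected page would include this file and call require_login() before producing any output; the login page calls start_secure_session() and log_in() instead.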