Logging in and sessions???

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

rubberjohn
Forum Contributor
Posts: 193
Joined: Fri Feb 25, 2005 4:03 am

Post by rubberjohn

I'm creating a secure section on a site where users can edit the content of the website.

As well as this I want to separate the users into admin and regular users, where the admin can add/remove users and both types of user can edit the content and reset their password.

Firstly, in order to separate the users (admin and regular), is it just a case of placing a flag in a DB that identifies that user as either admin or a regular user and then adjusting the content they have access to accordingly? (I was thinking of an if statement that echoes different content depending on the flag.)

Secondly, how do I ensure that the pages after login remain relevant / linked to the user that has logged in? Do I use sessions for this? So, for example, when a user has logged in and changed some content, how can I identify that user in order to log who they are and what they have changed?

Will using sessions stop pages being linked to (i.e. looking over someone's shoulder and copying the URL)? Will it also stop a page being accessed if it has been bookmarked?

Thanks in advance for your help.
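
An added example, not part of rubberjohn's post: one way to combine the admin flag in the database with a session check at the top of each protected page, so that a copied or bookmarked URL returns nothing without a logged-in session and each change can be logged against a user. The table and column names, the in-memory SQLite database and the sample accounts are assumptions constructed for illustration; it also assumes the session ID travels in a cookie, not in the URL.

```php
<?php
// Added example; schema, names and sample accounts are constructed assumptions.
declare(strict_types=1);

function db(): PDO {
    static $pdo = null;
    if ($pdo === null) {
        $pdo = new PDO('sqlite::memory:'); // constructed sample data, runs offline
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT, is_admin INTEGER)');
        $pdo->exec('CREATE TABLE audit (user_id INTEGER, action TEXT, at TEXT)');
        $ins = $pdo->prepare('INSERT INTO users (name, pw_hash, is_admin) VALUES (?, ?, ?)');
        $ins->execute(['alice', password_hash('constructed-pw-1', PASSWORD_DEFAULT), 1]);
        $ins->execute(['bob', password_hash('constructed-pw-2', PASSWORD_DEFAULT), 0]);
    }
    return $pdo;
}

function login(string $name, string $password): bool {
    $st = db()->prepare('SELECT id, pw_hash FROM users WHERE name = ?');
    $st->execute([$name]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['pw_hash'])) {
        return false;
    }
    // Issue a fresh session ID on login so a pre-login ID cannot be reused.
    if (session_status() === PHP_SESSION_ACTIVE) session_regenerate_id(true);
    $_SESSION['user_id'] = (int) $row['id']; // only the ID is kept in the session
    return true;
}

// Call at the top of every protected page, before any output is sent.
function current_user(bool $needAdmin = false): ?array {
    if (!isset($_SESSION['user_id'])) {
        return null; // no session: the URL alone grants nothing
    }
    // Re-read the flag on every request so a role change takes effect at once.
    $st = db()->prepare('SELECT id, name, is_admin FROM users WHERE id = ?');
    $st->execute([$_SESSION['user_id']]);
    $user = $st->fetch(PDO::FETCH_ASSOC) ?: null;
    if ($user === null || ($needAdmin && !(int) $user['is_admin'])) {
        return null; // caller should answer 403 and exit, not just hide links
    }
    return $user;
}

// Record who changed what, keyed to the user identified by the session.
function log_change(array $user, string $action): void {
    db()->prepare('INSERT INTO audit (user_id, action, at) VALUES (?, ?, ?)')->execute([$user['id'], $action, gmdate('c')]);
}
```

The admin flag is checked on the server before the admin action runs, not only in the if statement that decides which content to echo.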