Ok, recently ive had a lot of security issues, and it seems all could be fixed (or at least upgraded in security) by switching to sessions. The only thing I use cookies for at the moment, is storing the username, and checking to see if it is set to allow users to do specific actions.
I've never dealt with sessions much.
if I change all instances of $_COOKIE['username'] to $_SESSION['username'] and all instances of isset($_cookie['username']) to isset($_SESSION['username']) and throw a session_start() at the top of every page, would this effectively switch me over to using sessions? or is there other areas that I need to look at as well?
switch from cookies to sessions
Moderator: General Moderators
switch from cookies to sessions
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
for my authentication,
I plan on storing the session ID in the database and checking to see if it matches the php generated session id -- on every page load and form request.
does this pretty much secure the login? (other than username and password matching of course)
I plan on storing the session ID in the database and checking to see if it matches the php generated session id -- on every page load and form request.
does this pretty much secure the login? (other than username and password matching of course)
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.