sessions

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

murlopaz
Forum Commoner
Posts: 60
Joined: Wed Oct 11, 2006 5:02 pm
Location: Baltimore, MD, USA

sessions

Post by murlopaz »

Hi everybody,
I have a member area on my website.
The user is supposed to register before accessing the member's area.

When the user registers he is brought to another page where he can pay for 1/3/6/12 months or get one trial day.

My question is: do I create a session when the user registers? The reason is that I don't want the user to access the payment page directly.

I have a session when a user logs in, of course...

What do you guys think?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Yes.
nameless1
Forum Newbie
Posts: 15
Joined: Sun Nov 05, 2006 1:14 pm

Post by nameless1 »

Store your data in the database and not the session. The only login information you should store in the session is user_id and any other generic user data such as user_name. You should not create a session that is meant to last for a long period of time; it is bad for security and data integrity.
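The approach discussed in this thread, as an added example that is not code from any of the posters: a session is created at registration, holds only the user id, expires after a short idle period, and the payment page reads everything else from the database. The function names, the `users` table and its columns, the `/register.php` path and the 30-minute limit are all assumptions.

```php
<?php
declare(strict_types=1);

const IDLE_LIMIT = 1800; // assumed idle timeout, in seconds

function open_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Lax']);
    }
}

function end_session_and_redirect(string $to): void
{
    $_SESSION = [];
    session_destroy();
    header('Location: ' . $to);
    exit;
}

// Call right after the registration (or login) data has been validated and saved.
function start_member_session(int $userId): void
{
    open_session();
    session_regenerate_id(true);   // fresh id, so a pre-registration id cannot be reused
    $_SESSION = ['user_id' => $userId, 'last_seen' => time()];
}

// Call at the top of the payment page. Returns the user's row from the database.
function require_registered_user(PDO $db): array
{
    open_session();
    $id   = $_SESSION['user_id'] ?? null;
    $seen = $_SESSION['last_seen'] ?? 0;
    if (!is_int($id) || time() - $seen > IDLE_LIMIT) {
        end_session_and_redirect('/register.php');   // hypothetical path
    }
    $_SESSION['last_seen'] = time();

    // Plan and payment state are read from the database on every request
    // (hypothetical table and columns), never cached in the session.
    $stmt = $db->prepare('SELECT id, user_name, paid_until FROM users WHERE id = ?');
    $stmt->execute([$id]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false) {
        end_session_and_redirect('/register.php');
    }
    return $user;
}
```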