Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
Moderator: General Moderators
soulmasta
Forum Newbie
Posts: 17 Joined: Fri Aug 15, 2008 4:50 pm
by soulmasta » Fri Aug 15, 2008 4:56 pm
Hello everybody,
Because I am somewhat new to sessions in PHP, I would like to hear your advice and ideas on how we can better secure the following session:
Code: Select all
<?php
session_start();
if(!oursession(yesitisautheticated)){
    header("location:gotolog_in.php");
}
$specialmember=$_SESSION['thespecialmember'];
?>
For example, I am wondering whether using the exit(); function after the header is good practice. Hm?
Waiting for your advice and ideas.
Thanks in advance!
Christopher
Site Administrator
Posts: 13596 Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US
by Christopher » Fri Aug 15, 2008 4:58 pm
Yes, often you exit after setting a redirect header so the rest of the script will not run:
Code: Select all
header("location:gotolog_in.php");
exit();
(#10850)
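A simulation of the behaviour described in the answer above, added as an example that is not part of the original posts. It assumes a session flag named authenticated, and it uses an exception in place of exit() and an array in place of the real response headers so that it runs from the command line without a web server.

```php
<?php
declare(strict_types=1);

// Added example: simulates one request to the protected page.
// Redirected stands in for exit(); $headers stands in for PHP's real header list.
final class Redirected extends Exception {}

function protected_page(array $session, bool $exitAfterRedirect, array &$headers): void
{
    if (empty($session['authenticated'])) {      // assumed session flag
        $headers[] = 'Location: gotolog_in.php';
        if ($exitAfterRedirect) {
            throw new Redirected();              // what exit() does: stop here
        }
    }
    // Everything from here on is the "rest of the script".
    $specialmember = $session['thespecialmember'] ?? '(not set)';
    echo "Members-only data for {$specialmember}";
}

function respond(array $session, bool $exitAfterRedirect): array
{
    $headers = [];
    ob_start();                                  // capture what would be the response body
    try {
        protected_page($session, $exitAfterRedirect, $headers);
    } catch (Redirected $e) {
        // script terminated right after the redirect header
    }
    return ['headers' => $headers, 'body' => (string) ob_get_clean()];
}

$anonymous = [];                                 // constructed: no authenticated session
$member = ['authenticated' => true, 'thespecialmember' => 'alice']; // constructed

foreach ([
    'anonymous, no exit'   => respond($anonymous, false),
    'anonymous, with exit' => respond($anonymous, true),
    'member'               => respond($member, true),
] as $label => $r) {
    printf("%-22s headers=%s body=%s\n", $label, json_encode($r['headers']), json_encode($r['body']));
}
```

For the anonymous visitor without the exit, the response carries the Location header and the members-only body together, and a client is free to ignore the header and read the body. With the exit, the body is empty.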
by soulmasta » Fri Aug 15, 2008 5:03 pm
Thanks for the quick response.
So I can change it as follows:
Code: Select all
<?php
session_start();

if(!oursession(yesitisautheticated)){
    header("location:gotolog_in.php");
    exit();
}
$specialmember=$_SESSION['thespecialmember'];

?>
Hm, and may I use an else after the last bracket, or is it not needed?
by Christopher » Fri Aug 15, 2008 5:30 pm
soulmasta wrote: Hm, and may I use an else after the last bracket, or is it not needed?
No need for the else.
(#10850)
by soulmasta » Fri Aug 15, 2008 5:52 pm
OK, thanks a lot, mate.
If there is something more that we can do in terms of securing this part of the code, please let me know.