How can we better secure this PHP session?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

soulmasta
Forum Newbie
Posts: 17
Joined: Fri Aug 15, 2008 4:50 pm

Post by soulmasta »

Hello everybody,

Because I am somewhat new to sessions in PHP, I would like to hear your advice and ideas on how we can better secure the following session:

Code: Select all

<?php
session_start();

if(!oursession(yesitisautheticated)){
    header("location:gotolog_in.php");
}
$specialmember=$_SESSION['thespecialmember'];

?>
For example, I am wondering if the possible use of the exit() function after the header is good practice... hm? :roll:

Waiting for your advice and ideas ;)
Thanks in advance!
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: How can we better secure this PHP session?

Post by Christopher »

Yes, often you exit after setting a redirect header so the rest of the script will not run:

Code: Select all

header("location:gotolog_in.php");
exit();
(#10850)
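The redirect-then-exit pattern from the reply above, written out as a reusable guard. This is an added example, not code posted by anyone in the thread; the session key `authenticated` and the function names `redirect_target` and `require_login` are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Assumption: the login script sets
// $_SESSION['authenticated'] = true; that key name is hypothetical.

/**
 * Decide what a protected page should do for the given session data.
 * Returns null when the visitor may continue, or the redirect target.
 */
function redirect_target(array $session): ?string
{
    // Strict comparison: only a boolean true set by the login code counts.
    if (($session['authenticated'] ?? false) === true) {
        return null;
    }
    return 'gotolog_in.php';
}

function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $target = redirect_target($_SESSION);
    if ($target === null) {
        return; // authenticated: let the page continue
    }
    header('Location: ' . $target, true, 302);
    // header() only queues a response header. Without exit, PHP keeps
    // executing and the protected output below is still sent in the body
    // of the 302 response, readable by any client that ignores redirects.
    exit;
}

require_login();

// Only reached by authenticated visitors.
$specialmember = $_SESSION['thespecialmember'] ?? null;
echo 'Member area for ', htmlspecialchars((string) $specialmember, ENT_QUOTES, 'UTF-8');
```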
soulmasta
Forum Newbie
Posts: 17
Joined: Fri Aug 15, 2008 4:50 pm

Re: How can we better secure this PHP session?

Post by soulmasta »

Thanks for the quick response ;)

So I can change it as follows:

Code: Select all

<?php
session_start();

if(!oursession(yesitisautheticated)){
    header("location:gotolog_in.php");
    exit();
}
$specialmember=$_SESSION['thespecialmember'];

?>
 
Hm, and may I use an else after the last bracket, or is it not needed?
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: How can we better secure this PHP session?

Post by Christopher »

soulmasta wrote: Hm, and may I use an else after the last bracket, or is it not needed?
No need for the else.
(#10850)
soulmasta
Forum Newbie
Posts: 17
Joined: Fri Aug 15, 2008 4:50 pm

Re: How can we better secure this PHP session?

Post by soulmasta »

OK, thanks a lot, mate.

Just, if there is something more that we can do in terms of securing this part of the code, please let me know ;)