How we can secure better this PHP session ?

Posted: Fri Aug 15, 2008 4:56 pm
by soulmasta
Hello everybody,

Because I am somewhat new to sessions in PHP, I would like to hear your advice and ideas on how we can better secure the following session:

<?php
session_start();
 
if(!oursession(yesitisautheticated)){
header("location:gotolog_in.php");
}
 $specialmember=$_SESSION['thespecialmember'];
 
?>
For example, I am wondering whether using the exit() function after the header is good practice... hm? :roll:

Waiting for your advice and ideas ;)
Thanks in advance!

Re: How we can secure better this PHP session ?

Posted: Fri Aug 15, 2008 4:58 pm
by Christopher
Yes, often you exit after setting a redirect header so the rest of the script will not run:

header("location:gotolog_in.php");
exit();
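
The redirect-then-exit pattern from this answer, wrapped in a reusable guard. This is an added example that is not part of the original posts; the function name `require_login` and the session key `authenticated` are assumptions, since the thread's `oursession(...)` check is a placeholder.

```php
<?php
// Added example. require_login() and $_SESSION['authenticated'] are
// hypothetical names standing in for the thread's oursession(...) check.

function require_login(string $loginUrl = 'gotolog_in.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Strict comparison: only a real boolean true counts as logged in,
    // so a missing key or a loosely "truthy" value is rejected.
    $loggedIn = isset($_SESSION['authenticated'])
        && $_SESSION['authenticated'] === true;

    if (!$loggedIn) {
        // header() only queues a response header; PHP keeps executing.
        header('Location: ' . $loginUrl, true, 302);

        // Stop here. Without exit, the code below the guard still runs
        // and its output is sent in the body of the 302 response, where
        // any client that does not follow the redirect can read it.
        exit;
    }
}

require_login();

// Reached only by authenticated sessions.
$specialmember = $_SESSION['thespecialmember'] ?? '';
echo 'Members-only content for ',
    htmlspecialchars((string) $specialmember, ENT_QUOTES, 'UTF-8');
```

To check the guard, request the page without a session cookie using a client that does not follow redirects: the response should carry the Location header and an empty body.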

Re: How we can secure better this PHP session ?

Posted: Fri Aug 15, 2008 5:03 pm
by soulmasta
Thanks for the quick response ;)

So I can change it as follows:

<?php
session_start();

if(!oursession(yesitisautheticated)){
header("location:gotolog_in.php");
exit();
}
 $specialmember=$_SESSION['thespecialmember'];

?>
 
Hm, and may I use an else after the last bracket, or is it not needed?

Re: How we can secure better this PHP session ?

Posted: Fri Aug 15, 2008 5:30 pm
by Christopher
soulmasta wrote: Hm, and may I use an else after the last bracket, or is it not needed?
No need for the else.

Re: How we can secure better this PHP session ?

Posted: Fri Aug 15, 2008 5:52 pm
by soulmasta
OK, thanks a lot mate,

Just, if there is something more that we can do in terms of securing this part of the code, please let me know ;)