Check database each time user accesses a page using $_SESSIO
Posted: Mon Aug 18, 2008 2:21 pm
Hello everyone,
I (FINALLY) finished my first PHP login scripts, and they are working flawlessly (without hackers, of course).
However, as an added measure of security, I had a thought.
Would it be smart at the time of login of the user to set two session vars of the username and password of the user, so that each time a user accesses a various page you can use the vars to check against the database that that combination actually exists? I understand that I only make the session var once the user is authenticated; however, would it be possible for a hacker to alter these session vars in between pages and allow him access to a page?
Or would it be secure enough just to have one ['userWhichIsOnline'] session var which is only set if the user is authenticated?
Also, along the same lines, are session vars the de facto standard for user authentication in PHP?
Thank you for the great help as I embark on my journey of security-finding! (Dental Website + Hackers + Bad Security = BAD NEWS)
Thanks!
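An added example, not part of the original post, of the single-session-var option described above: the password is verified once at login, only the user id goes into `$_SESSION['userWhichIsOnline']`, and each page re-checks that id against the user store. PHP keeps session data on the server and the browser holds only the session id, so the password never needs to be in the session. The `$USERS` array (a constructed stand-in for the database), the `active` flag and the function names are assumptions.

```php
<?php
// Constructed sample data standing in for the users table (assumption, not from the post).
$USERS = [
    7 => ['name' => 'drsmith', 'hash' => password_hash('correct horse', PASSWORD_DEFAULT), 'active' => true],
];

// Hypothetical lookup helper: returns the user id for a username, or null.
function find_user_by_name(array $users, string $name): ?int {
    foreach ($users as $id => $row) {
        if ($row['name'] === $name) return $id;
    }
    return null;
}

// Login: verify the password once, then keep only the user id in the session.
function login(array $users, string $name, string $password): bool {
    $id = find_user_by_name($users, $name);
    if ($id === null || !password_verify($password, $users[$id]['hash'])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // issue a fresh session id once the user is authenticated
    }
    $_SESSION['userWhichIsOnline'] = $id;
    return true;
}

// Per-page check: the session id must still map to an existing, active account.
function current_user(array $users): ?array {
    $id = $_SESSION['userWhichIsOnline'] ?? null;
    if (!is_int($id) || !isset($users[$id]) || !$users[$id]['active']) {
        unset($_SESSION['userWhichIsOnline']); // stale or invalid: treat as logged out
        return null;
    }
    return $users[$id];
}

// Constructed walk-through, run from the command line (no web server needed).
$_SESSION = [];
var_dump(login($USERS, 'drsmith', 'wrong'));          // failed login sets nothing
var_dump(current_user($USERS) !== null);
var_dump(login($USERS, 'drsmith', 'correct horse'));  // successful login
var_dump(current_user($USERS)['name']);
$USERS[7]['active'] = false;                          // account disabled between page loads
var_dump(current_user($USERS));
```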