Basics of create PHP sessions after login
Moderator: General Moderators
- simonmlewis
- DevNet Master
- Posts: 4435
- Joined: Wed Oct 08, 2008 3:39 pm
- Location: United Kingdom
Hello
I have a CMS with user logins, but have yet to find out how to add Sessions.
So when someone passes through the pages, it knows who they are, without constantly creating SELECT * from SQL.
It may be with cookies, but again, I've no idea about cookies.
Hope someone can offer some guidance.
Simon
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
Re: Basics of create PHP sessions after login
Maybe reading about cookies and sessions might help? 
session_start() is one function that you need to use.
Re: Basics of create PHP sessions after login
check SESSION + php manual on google -> all info is there 
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Basics of create PHP sessions after login
After a successful login, you create a cookie, which can either be created by PHP's built-in cookie() function or added with header(), which is a much more challenging task.
Once the user requests a protected page, the cookie data is checked against the database. If the information matched the db records, let him see the page, if not, then output the login form (or redirect to it).
Re: Basics of create PHP sessions after login
I find session_start() works well. Define $_SESSION["id"] as the user's ID (after selecting it from the database), and have session_start() at the top of every restricted page. If $_SESSION["id"] is not set, redirect them to whatever page you wish, else if it is set, allow them to stay on the restricted page. Like this:
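Code:
<?php
session_start();
// No user ID in the session means the visitor has not logged in.
if (!isset($_SESSION["id"])) {
    header("Location: index.php");
    exit; // stop the script; a Location header alone does not end execution
} else {
    // ... restricted page content ...
}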
Re: Basics of create PHP sessions after login
Is Michael's redirect option a safe bet? Honestly that is what I normally use, but it seems so simple I am concerned that it is basically leaving a back door wide open.
- kaisellgren
Re: Basics of create PHP sessions after login
kipp wrote: Is Michael's redirect option a safe bet?
You still need protection against session attacks and CSRF.
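The following is an added example, not code from any poster in this thread: the login-then-guard pattern from the replies above, extended with a session ID regeneration at login (against session fixation) and a per-session CSRF token. The helper names (`start_secure_session`, `login_user`, `require_login`, `csrf_token`, `csrf_check`) and `login.php` are assumptions; it also assumes PHP 7.3 or later and an HTTPS site.

```php
<?php
// Added example: helper names and login.php are hypothetical.

function start_secure_session(): void {
    // Cookie flags must be set before session_start().
    session_set_cookie_params([
        'lifetime' => 0,       // session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => true,    // assumes the site is served over HTTPS
        'httponly' => true,    // cookie is not readable from JavaScript
        'samesite' => 'Lax',   // cookie is not sent on cross-site POSTs
    ]);
    ini_set('session.use_strict_mode', '1'); // reject IDs the server did not issue
    session_start();
}

// Call once, after the password has been verified against the database.
function login_user(int $userId): void {
    session_regenerate_id(true);   // new ID at login: defeats session fixation
    $_SESSION['id']   = $userId;
    $_SESSION['csrf'] = bin2hex(random_bytes(32)); // per-session CSRF token
}

// Call at the top of every restricted page, after start_secure_session().
function require_login(): int {
    if (!isset($_SESSION['id'])) {
        header('Location: login.php');
        exit;                      // a Location header alone does not stop the script
    }
    return (int) $_SESSION['id'];
}

// Embed the returned value in each form as a hidden field named "csrf".
function csrf_token(): string {
    return $_SESSION['csrf'] ?? '';
}

// Call before acting on any state-changing POST request.
function csrf_check(): void {
    $sent = $_POST['csrf'] ?? '';
    if (!is_string($sent) || $sent === '' || !hash_equals(csrf_token(), $sent)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}
```

Only the user ID lives in `$_SESSION`, so the browser holds nothing but the opaque session cookie; anything the page needs beyond the ID is still looked up server-side.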
Re: Basics of create PHP sessions after login
any good readings on how to protect against those?
- kaisellgren
Re: Basics of create PHP sessions after login
kipp wrote: any good readings on how to protect against those?
http://forums.devnetwork.net/search.php?keywords=session&terms=all&author=&fid[]=34&sc=1&sf=titleonly&sr=topics&sk=t&sd=d&st=0&ch=300&t=0&submit=Search