Basics of create PHP sessions after login
Posted: Fri Nov 28, 2008 5:01 am
by simonmlewis
Hello
I have a CMS with user logins, but have yet to find out how to add Sessions.
So when someone passes through the pages, it knows who they are, without constantly creating SELECT * from SQL.
It may be with Cookies, but again, I've no idea about Cookies.
Hope someone can offer some guidance.
Simon
Re: Basics of create PHP sessions after login
Posted: Fri Nov 28, 2008 6:23 am
by papa
Maybe reading about cookies and sessions might help?
session_start() is one function that you need to use.
Re: Basics of create PHP sessions after login
Posted: Mon Dec 08, 2008 3:48 pm
by eggnogg
check SESSION + php manual on google -> all info is there

Re: Basics of create PHP sessions after login
Posted: Mon Dec 15, 2008 11:35 am
by kaisellgren
After a successful login, you create a cookie, which can either be created by PHP's built-in cookie() function or added with header(), which is a much more challenging task.
Once the user requests a protected page, the cookie data is checked against the database. If the information matches the db records, let him see the page; if not, then output the login form (or redirect to it).
Re: Basics of create PHP sessions after login
Posted: Sat Jan 03, 2009 3:57 pm
by MichaelR
I find session_start() works well. Define $_SESSION["id"] as the user's ID (after selecting it from the database), and have session_start() at the top of every restricted page. If $_SESSION["id"] is not set, redirect them to whatever page you wish, else if it is set, allow them to stay on the restricted page. Like this:
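Code:
<?php
session_start();
// Not logged in: redirect and stop, so nothing below runs for this request.
if (!isset($_SESSION["id"])) {
    header("Location: index.php");
    exit;
} else {
    // Logged in: restricted page content goes here.
    ...
}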
Re: Basics of create PHP sessions after login
Posted: Thu Jan 15, 2009 5:02 pm
by kipp
Is Michael's redirect option a safe bet? Honestly that is what I normally use, but it seems so simple I am concerned that it is basically leaving a back door wide open.
Re: Basics of create PHP sessions after login
Posted: Thu Jan 15, 2009 5:26 pm
by kaisellgren
kipp wrote: Is Michael's redirect option a safe bet?
You still need protection against session attacks and CSRF.
Re: Basics of create PHP sessions after login
Posted: Thu Jan 15, 2009 6:23 pm
by kipp
Any good readings on how to protect against those?
Re: Basics of create PHP sessions after login
Posted: Thu Jan 15, 2009 6:47 pm
by kaisellgren
kipp wrote: Any good readings on how to protect against those?
http://forums.devnetwork.net/search.php?keywords=session&terms=all&author=&fid[]=34&sc=1&sf=titleonly&sr=topics&sk=t&sd=d&st=0&ch=300&t=0&submit=Search
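The session-attack and CSRF protections raised in this thread, as an added example that is not code from any poster: it extends the `$_SESSION["id"]` check with session ID regeneration at login and a per-session CSRF token. The function names and the `csrf` field name are hypothetical, and it assumes PHP 7.3 or later on an HTTPS site.

```php
<?php
// Added example. All function names below are hypothetical helpers.

function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1');   // reject session IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept the session ID from the URL
    session_set_cookie_params([
        'httponly' => true,   // cookie is not readable from JavaScript
        'secure'   => true,   // cookie is sent over HTTPS only (assumed deployment)
        'samesite' => 'Lax',  // cookie is withheld from most cross-site requests
    ]);
    session_start();
}

// Call only after the password check has succeeded.
function log_in(int $userId): void
{
    session_regenerate_id(true);  // fresh ID at login defeats session fixation
    $_SESSION['id']   = $userId;
    $_SESSION['csrf'] = bin2hex(random_bytes(32));  // per-session CSRF token
}

// Call at the top of every restricted page.
function require_login(): void
{
    if (!isset($_SESSION['id'])) {
        header('Location: index.php');
        exit;  // stop so nothing below is sent to an anonymous visitor
    }
}

// Hidden field to embed in every form that changes state.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf" value="'
        . htmlspecialchars($_SESSION['csrf'], ENT_QUOTES) . '">';
}

// Call at the top of every POST handler, after require_login().
function require_csrf_token(): void
{
    $sent  = $_POST['csrf'] ?? '';
    $known = $_SESSION['csrf'] ?? '';
    // hash_equals() compares in constant time; an empty stored token never matches.
    if (!is_string($sent) || $known === '' || !hash_equals($known, $sent)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}
```

Call `start_secure_session()` in place of a bare `session_start()` on every page, before any output is sent.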