Page 1 of 1

Manage Session IDs

Posted: Thu Oct 08, 2009 12:47 am
by farhan00
I am working on the authentication piece of my web application. After successful authentication, the application will assign users a session ID in the form of a cookie. This session ID should tie to one specific user in the system, and when a user goes from one PHP page onto another, the different PHP pages must be able to verify that the session ID that the user is sending is authentic.

This seems like a fairly common requirement. How is this done? I do not know where to begin. Is there a guide online? Please assist!

Re: Manage Session IDs

Posted: Thu Oct 08, 2009 4:44 am
by robnet
Php can handle sessions pertty much completely automatically. Check out session_start().

Re: Manage Session IDs

Posted: Thu Oct 08, 2009 8:18 am
by farhan00
Yes and No.
Lets suppose you assign the session ID of SESSIONID. You do this in the page login_page.php. How is "displayupdate.php" or other php pages going to know that the SESSIONID variable you have maps to one unique user?

Re: Manage Session IDs

Posted: Thu Oct 08, 2009 9:06 am
by robnet
Why do you need to set the session id manually? Can't you let php's internal functions deal with it all? Just use session_start() on every page you need session stuff.