limiting content by session ok?

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: macek, egami, gesf

iam4423
New php-forum User
New php-forum User
Posts: 50
Joined: Fri Jan 20, 2012 8:00 am

limiting content by session ok?

Postby iam4423 » Sun Apr 22, 2012 3:49 am

throughout my site i have been defining user only content by using

Code: Select all

if(isset($_SESSION['ID_User']))

i then have a code that runs on each page load that checks ID_User and a few other sessions against the database and if they don't match up it runs session_destroy(); i was just wondering if this is secure or should i be doing something else to limit user only content?

User avatar
macek
php-forum Active User
php-forum Active User
Posts: 277
Joined: Wed Aug 25, 2010 10:42 am
Contact:

Re: limiting content by session ok?

Postby macek » Mon May 07, 2012 12:36 am

This is a good solution. Of course, this could be hacked (AS EVERYTHING) but it is not so easy.

Second solution could be to create secured folder on server and password it by .htaccess.

Third solution is SSL ,..

But I'm using SESSION User Authentication and it works fine ;-)

johnj
php-forum Super User
php-forum Super User
Posts: 1805
Joined: Thu Mar 10, 2011 5:07 pm

Re: limiting content by session ok?

Postby johnj » Thu Mar 14, 2013 5:11 am

Limiting data access using session variable is ok but if you can afford it then using SSL will be an added bonus as far security of your website is concerned.


Return to “PHP & MySQL Security”

Who is online

Users browsing this forum: Bing [Bot] and 1 guest