12-15-2008, 10:18 PM   #1
oMIKEo
Understanding Session ID

Hi guys,

I am starting work on a large development with some pretty sensitive data, so I want to push to make the site as secure as possible. I have been reading a bit about security but am having a bit of trouble understanding how session_id works.

In the past my login script set something like:

PHP Code:
$_SESSION['username'] = $username;
$_SESSION['userlevel'] = $userlevel;

And then on secure pages I use something like:

PHP Code:
if (empty($_SESSION['username']) || empty($_SESSION['userlevel']))
{
    // Not logged in, redirect
    header("Location: login.php");
    exit; // stop here so the rest of the protected page does not run
}

Obviously there is a lot of other code from the login page to make that secure, but my problem is how do I use session_id to help check a user is permitted to view the page? Should I be storing the username/session_id in the database to refer back to on each page?

I'm sorry if this is an extremely stupid question,
Mike

Last edited by oMIKEo : 12-16-2008 at 12:12 AM.
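
The login-then-guard pattern from the post, written out as an added example that is not the poster's code. The session ID is only the cookie value PHP uses to find the server-side `$_SESSION` data, so the guard checks `$_SESSION` and the ID is replaced at login. The function names, a numeric user level, an HTTPS site and PHP 7.3 or later are assumptions.

```php
<?php
// Added example; all function names here are hypothetical.

// Start the session with a hardened cookie. Must run before any output.
function start_secure_session(): void
{
    session_set_cookie_params([
        'httponly' => true,   // cookie is not readable from JavaScript
        'secure'   => true,   // cookie is only sent over HTTPS (assumed)
        'samesite' => 'Lax',
    ]);
    // Reject session IDs that this server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    session_start();
}

// Call only after the password check has succeeded.
function login_user(string $username, int $userlevel): void
{
    // Issue a fresh ID for the authenticated session and delete the old
    // session data, so an ID known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['username']  = $username;
    $_SESSION['userlevel'] = $userlevel;
}

// Call at the top of every protected page, after start_secure_session().
function require_login(int $minLevel = 1): void
{
    $level = (int) ($_SESSION['userlevel'] ?? 0);
    if (empty($_SESSION['username']) || $level < $minLevel) {
        header('Location: login.php');
        exit; // without this the protected page would still be executed
    }
}

// Clear the server-side data and expire the cookie on logout.
function logout_user(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'],
              $p['secure'], $p['httponly']);
    session_destroy();
}
```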