TalkPHP - View Single Post

Salathe · 09-21-2007, 10:13 AM

The session_regenerate_id function replaces the current session id with a new one, whilst keeping all of the session data intact. It is that part which is helping to prevent the problem of "session hijacking".

Your auth (authorisation and authentication combined) code, Tanax, will work just fine. Personally I'd go for the negative check with a redirect to a login page.

PHP Code:


			
if ( ! $auth->check())
{
    header('Location: full_url_to_login_page');
    exit;
}


... rest of page's code ...

09-21-2007, 10:13 AM	#7 (permalink)
Salathe Moderateur Join Date: Apr 2007 Posts: 1,393 Thanks: 5	The `session_regenerate_id` function replaces the current session id with a new one, whilst keeping all of the session data intact. It is that part which is helping to prevent the problem of "session hijacking". Your auth (authorisation and authentication combined) code, Tanax, will work just fine. Personally I'd go for the negative check with a redirect to a login page. PHP Code: `if ( ! $auth->check()) { header('Location: full_url_to_login_page'); exit; } ... rest of page's code ...`