I am starting work on a large development with some pretty sensitive data so want to push to make the site as secure as possible. I have been reading a bit about security but am having a bit of trouble understanding how session_id works.
if (empty($_SESSION['username']) || empty($_SESSION['userlevel'])) {
    // Not logged in, redirect
}
Obviously there is a lot of other code from the login page to make that secure, but my problem is how do I use session_id to help check a user is permitted to view the page? Should I be storing the username/session_id in the database to refer back to on each page?
I'm sorry if this is an extremely stupid question,
Last edited by oMIKEo : 12-16-2008 at 12:12 AM.
I want to ask you:
- If login is successful (i.e. when the user logs in and checks "Remember account"), will I create 1 cookie at the same time?
- Why are HTTP_USER_AGENT and regenerate_id() secure? Could you explain it clearly?