Reputation: 43
PHP SESSION Security question
Is it safe for me to use in live website?
member.php
if($_SESSION['login'] == 1)
//member stuff
$_SESSION['login'] is set after user authenticate via login.php
Upvotes: 1
Views: 274
Answers (5)
Reputation: 35301
Using sessions is better than using cookies when checking for logins/authentication since they can be altered as it communicates with the server from client side when session are only used for server side reading.
Upvotes: 0
Reputation: 3761
In general: yes. You may want to set a bit more variables, but sessions are only available to php and not the user. The part where it gets exciting in terms of security is how you handle your authentication.
Upvotes: 1
Reputation: 4276
Session security in PHP is often asked about - see PHP Session Security for pretty good answers.
Upvotes: 1
Reputation: 22818
It's safe as the $_SESSION state is stored on your server, not sent back to the client.
Upvotes: 0
Reputation: 4190
Yes, you should check if $_SESSION is set too.
if(isset($_SESSION['login'])) { ...
if($_SESSION['login'] == 1) { ...
Upvotes: 0