Reputation: 1429
secure php session handling that uses mysql storage
I’m trying to find a lightweight PHP session handling library, i’ve googled and fallen into confusion.
- I want a library that stores sessions using MySQL
- allows kicking out of logged in user
- does ip matching
- browser matching
- secure to session hacking etc.
Any ideas?
Upvotes: 1
Views: 2965
Answers (3)
Reputation: 428
You may want to check out this class that I made a while ago... it does everything that you say expect for kick a user out, but you can mae a function that does that in 5 minutes (just call the delete method with the user id that you want to kick out).
It still needs documentation and some tweeks here and there, but you can give yourself an idea of how is done.
I wouldn't relay on user's IP for security, if they're using rotating IP (some cellphones companies) or they're behind thor or something you're going to have issues, use user_agent instead.
Upvotes: 0
Reputation: 5426
You could have a look at this article by Chris Shiflett, which describes making changes to session_set_save_handler().
Upvotes: 1
Reputation: 9007
If you're familiar with MySQL and PHP it's rather trivial to write your own session handler.
http://php.net/manual/en/function.session-set-save-handler.php
It may be faster to write a personalized one than searching for exactly what you want.
Upvotes: 1
Related Questions
- PHP storing db credentials in session
- Securing user sessions and data for web app using Php and Mysql
- PHP session based login system security
- Best way to keep user specific session info secure
- can Session be used to store secure info?
- PHP how to start a secure session
- Custom 'secure' php and MySQL user login session system
- How to make a secure session with php and mysql?
- Security on this script
- sensitive data storage in sessions?