Session Security..



Beau
26-11-2007, 05:39 AM
Hi all,

For those security buffs out there, I have a question regarding my use of sessions.

When I log someone in, I make three sessions. One of them is a simple loggedin (with a value of true), one of them is a lastactive session, which holds the output from time(). The last is the UID of the user. On each page, I have a function that selects the user's row from the database and returns all the data into a variable, allowing me to access it easily. I'm just a little paranoid that it mightn't be a very secure way of going about things, so if you have any expertise, let me know. Also, I'm thinking about adding session_regenerate_id to the mix as well, to make things more secure. Good idea or bad idea?
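
The scheme described in the post above, sketched as an added example (not part of the original post and not the poster's code). It keeps the three session values `loggedin`, `lastactive` and the UID, regenerates the session ID at login, and checks idle time on every page. The function names, the `uid` key name, the 30-minute limit, HTTPS, and PHP 7.3+ are assumptions.

```php
<?php
// Added example. Only loggedin, lastactive and the UID come from the post;
// every function name and the timeout value below are assumptions.
const IDLE_LIMIT = 1800; // assumed idle timeout, in seconds

function start_secure_session(): void
{
    // Must run before session_start(): reject session IDs the server did not issue.
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'httponly' => true,   // cookie not readable from JavaScript
        'secure'   => true,   // assumes the site is served over HTTPS
        'samesite' => 'Lax',
    ]);
    session_start();
}

function log_in(int $uid): void
{
    // New ID at the privilege change, so an ID planted before login is worthless.
    // true = delete the old session data as well.
    session_regenerate_id(true);
    $_SESSION['loggedin']   = true;
    $_SESSION['uid']        = $uid;
    $_SESSION['lastactive'] = time();
}

function log_out(): void
{
    $_SESSION = [];
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
}

// Call on every page before selecting the user's row; returns the UID or null.
function current_uid(): ?int
{
    if (empty($_SESSION['loggedin']) || !isset($_SESSION['uid'], $_SESSION['lastactive'])) {
        return null;
    }
    if (time() - $_SESSION['lastactive'] > IDLE_LIMIT) {
        log_out();            // idle too long: drop the session server-side
        return null;
    }
    $_SESSION['lastactive'] = time();
    return (int) $_SESSION['uid'];
}
```

Only the UID is trusted from the session; everything else about the user is re-read from the database on each request, so a change to the user's row takes effect on the next page load.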
