1

Is it safe for me to use in live website?

member.php

if($_SESSION['login'] == 1) //member stuff

$_SESSION['login'] is set after user authenticate via login.php

Improve this question
1
  • 1
    Reminded me of Szell from Marathon Man... Commented Jun 6, 2011 at 10:14

5 Answers 5

Reset to default
1

Session security in PHP is often asked about - see PHP Session Security for pretty good answers.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

In general: yes. You may want to set a bit more variables, but sessions are only available to php and not the user. The part where it gets exciting in terms of security is how you handle your authentication.

Improve this answer

Comments

0

Yes, you should check if $_SESSION is set too.

if(isset($_SESSION['login'])) { ... if($_SESSION['login'] == 1) { ...
Improve this answer

1 Comment

nested ifs? if( isset($_SESSION['login']) && $_SESSION['login'] == 1 ) The right hand part of the expression isn't evaluated if the left hand is false, so no notice will be generated
0

It's safe as the $_SESSION state is stored on your server, not sent back to the client.

Improve this answer

Comments

0

Using sessions is better than using cookies when checking for logins/authentication since they can be altered as it communicates with the server from client side when session are only used for server side reading.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.