Sessions - Is this the best way?
Ok, I am trying to make as secure of a script as I can without using SSL. I found a page on it (http://www.devarticles.com/c/a/MySQL...ssions-in-PHP/ ) and I want to know if this is right:
Say I have a user table something like this:

```sql
CREATE TABLE users (
    username varchar(255) NOT NULL,
    email varchar(255) NOT NULL,
    password varchar(255) NOT NULL,
    sid varchar(32)
)
```

Every time someone logs in I create a SID value and stick one copy in the user's database table and another in a cookie to give back to the user. Then every time a page is requested I check the session ID in the cookie against the one in the database and if it is found then I let them in.

Now, is there anything else that I could do to make the session ID more secure? Should I make a new table and call it sessions and have it contain the SID and userID?

Also, I have lots of strlen(), mysql_real_escape_string(), gettype(), etc... functions to clean the values so don't worry about that. I just want to know how to keep the user's sessionID from being hijacked by a hacker. :cool:

Thanks, David
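One way to lay out the separate sessions table the post above asks about, as an added example that is not part of the original thread. It assumes PHP 7.1+ with PDO SQLite standing in for MySQL so it runs offline; the table, column and function names are hypothetical.

```php
<?php
// Added example: names below are assumptions, not taken from the post.
// In-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (
    sid_hash   CHAR(64) PRIMARY KEY,  -- SHA-256 of the SID, never the SID itself
    user_id    INTEGER NOT NULL,
    expires_at INTEGER NOT NULL
)');

// Called after a successful login: returns the raw SID to place in the cookie.
function issue_session(PDO $db, int $userId, int $ttl = 1800): string {
    $sid = bin2hex(random_bytes(32));            // 256 bits from the OS CSPRNG
    $stmt = $db->prepare('INSERT INTO sessions VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $sid), $userId, time() + $ttl]);
    // In a web request: setcookie('sid', $sid, ['httponly' => true, 'samesite' => 'Lax']);
    return $sid;
}

// Logout, or the first half of rotating the SID after a privilege change.
function end_session(PDO $db, string $sid): void {
    $db->prepare('DELETE FROM sessions WHERE sid_hash = ?')
       ->execute([hash('sha256', $sid)]);
}

// Called on every request: returns the user id, or null if unknown or expired.
function check_session(PDO $db, string $sid): ?int {
    if (!preg_match('/\A[0-9a-f]{64}\z/', $sid)) {
        return null;                             // malformed cookie value
    }
    $stmt = $db->prepare('SELECT user_id, expires_at FROM sessions WHERE sid_hash = ?');
    $stmt->execute([hash('sha256', $sid)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                             // no such session
    }
    if ((int)$row['expires_at'] < time()) {
        end_session($db, $sid);                  // drop the expired row
        return null;
    }
    return (int)$row['user_id'];
}

// Constructed demo: user 42 logs in, presents the cookie, then logs out.
$sid = issue_session($db, 42);
var_dump(check_session($db, $sid));                  // cookie from the login
var_dump(check_session($db, str_repeat('0', 64)));   // well-formed but unknown SID
end_session($db, $sid);
var_dump(check_session($db, $sid));                  // same cookie after logout
```

Because the site in the post runs without SSL, the cookie still crosses the network in clear text. Hashing and expiry limit what a leaked table or a stale SID gives away, not what a network observer sees.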
Sessions
Ok, I have found some more reading if anyone else is interested:
- Store Session Data in a MySQL Database
- Download Chapter 4 of phpsecurity
- Trick-Out Your Session Handler
- PHP 101 (part 10): A Session In The Cookie Jar
- Session Handling with PHP 4
- http://www.480x.com/2006/05/23/php-o...anced-servers/
Copyright ©2007 DaniWeb® LLC