Sessions
Date: 04/20/06
(PHP Community)
I've gone through and made my own login system, so I'm familiar with how they generally work. Now, I've gone around and looked into making sessions safer, and I have a question.
A concept I found pretty snazzy was that you don't start the session until after they successfully log into a site. That's awesome. My question is pretty quick: on all the following pages, what would the if statement look like to start the session? Would the following work?
if ($_COOKIE['name_of_session']) session_start();
If so, is it still possible for an attacker to force a session to start if they know the name of your session cookie? On a site where registration is open to the public, is there any benefit from keeping sessions for logged-in users, when anyone can come and register?
Source: http://community.livejournal.com/php/441688.html
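The check the post asks about, as an added example (not code from the original post), assuming PHP 7.3+ and a hypothetical `user_id` session key. The cookie's presence only decides whether `session_start()` is called; a value written at login decides whether the visitor counts as logged in.

```php
<?php
// Added example, not from the original post. 'user_id' is an assumed session key.
declare(strict_types=1);

ini_set('session.use_strict_mode', '1');   // reject session IDs the server never issued
ini_set('session.use_only_cookies', '1');  // never accept the session ID from the URL
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);

/** Resume a session only when the client presents the session cookie. */
function resume_session_if_present(): bool
{
    if (!isset($_COOKIE[session_name()])) {
        return false;                      // anonymous visitor: no session is created
    }
    session_start();
    if (empty($_SESSION['user_id'])) {
        // A cookie was sent but no login is recorded behind it (forged, expired,
        // or replaced by strict mode): discard it instead of keeping an empty session.
        discard_session();
        return false;
    }
    return true;
}

/** Call only after the submitted credentials have been verified. */
function begin_authenticated_session(int $userId): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);           // fresh ID at login, old one is deleted
    $_SESSION['user_id'] = $userId;
}

/** Clear server-side data and expire the client's cookie. */
function discard_session(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'],
    ]);
    session_destroy();
}
```

Protected pages call `resume_session_if_present()` and treat a `false` return as "not logged in", whatever cookie the request carried.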