Quick question on session security.
Posted by Scarface on Stack Overflow
Published on 2010-03-30T00:09:24Z
php
Hey guys, I was scanning my site for security and I noticed that it was possible for non-users to send requests and post information, so I decided to put login checks on all information posts. I was wondering if it was a good way to keep a session id that is created by md5(uniqid()); in a session variable $_SESSION['id']=md5(uniqid()); for each user and then store that in a database under active users for that user. Then when a user tries to insert information, verify that their $_SESSION['id'] variable is equal to the one in the database where the username equals their $_SESSION['username']. What are your ideas on this, guys? Thanks in advance!
© Stack Overflow or respective owner
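
Added example, not part of the original post: one way to implement the check described in the question, assuming PHP 7+ with the PDO SQLite driver. The `active_users` table and the functions `issueToken()` and `tokenIsValid()` are hypothetical names; the token comes from `random_bytes()` instead of `md5(uniqid())`, because `uniqid()` is derived from the current time and is not cryptographically secure.

```php
<?php
// Added example, not the poster's code. Table and function names are hypothetical.
declare(strict_types=1);

// Constructed in-memory store standing in for the "active users" table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE active_users (username TEXT PRIMARY KEY, token_hash TEXT NOT NULL)');

// Call after a successful login: issue a token and record its hash for the user.
// In a web request, also call session_regenerate_id(true) at this point.
function issueToken(PDO $db, array &$session, string $username): void
{
    // 32 bytes from the OS CSPRNG, hex-encoded.
    $token = bin2hex(random_bytes(32));
    $session['username'] = $username;
    $session['id'] = $token;
    // Store only a hash so a database leak does not expose live tokens.
    $stmt = $db->prepare('REPLACE INTO active_users (username, token_hash) VALUES (?, ?)');
    $stmt->execute([$username, hash('sha256', $token)]);
}

// Call before every insert: true only if the session token matches the stored one.
function tokenIsValid(PDO $db, array $session): bool
{
    if (!isset($session['username'], $session['id']) || !is_string($session['id'])) {
        return false; // not logged in
    }
    $stmt = $db->prepare('SELECT token_hash FROM active_users WHERE username = ?');
    $stmt->execute([$session['username']]);
    $stored = $stmt->fetchColumn();
    if (!is_string($stored)) {
        return false; // no active row for this user
    }
    // hash_equals() compares in constant time.
    return hash_equals($stored, hash('sha256', $session['id']));
}

// Constructed walk-through; in a web request $session would be $_SESSION.
$session = [];
var_dump(tokenIsValid($db, $session));   // before any login
issueToken($db, $session, 'alice');
var_dump(tokenIsValid($db, $session));   // token issued by the server
$session['id'] = md5(uniqid());
var_dump(tokenIsValid($db, $session));   // token the server never issued
```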