Quick question on session security.

Posted by Scarface on Stack Overflow
Published on 2010-03-30T00:09:24Z Indexed on 2010/03/30 0:13 UTC

Hey guys, I was scanning my site for security and I noticed that it was possible for non-users to send requests and post information, so I decided to put login checks on all information posts. I was wondering if it was a good way to keep a session id that is created by md5(uniqid()); in a session variable $_SESSION['id']=md5(uniqid()); for each user and then store that in a database under active users for that user. Then when a user tries to insert information, verify that their $_SESSION['id'] variable is equal to the one in the database where the username equals their $_SESSION['username']. What are your ideas on this, guys? Thanks in advance!
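
The check described in the question, as an added example that is not part of the original post: it draws the token from random_bytes() instead of md5(uniqid()), because uniqid() is built from the current time and md5() adds no entropy to it, and it compares with hash_equals(). Assumptions: the $activeUsers array stands in for the "active users" database table, $session stands in for $_SESSION, and the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the "active users" table: username => token hash.
$activeUsers = [];

// Issue a per-login token from the OS CSPRNG and record it for the user.
function issueToken(array &$activeUsers, array &$session, string $username): void
{
    $token = bin2hex(random_bytes(32));
    $session['username'] = $username;
    $session['id'] = $token;
    // Store only a hash so a database leak does not reveal live tokens.
    $activeUsers[$username] = hash('sha256', $token);
}

// The check from the post: the session token must match the stored value
// for the username held in the same session.
function isAuthenticatedPost(array $activeUsers, array $session): bool
{
    $username = $session['username'] ?? null;
    $token = $session['id'] ?? null;
    if (!is_string($username) || !is_string($token)) {
        return false; // no login state at all
    }
    if (!isset($activeUsers[$username])) {
        return false; // user is not (or no longer) active
    }
    // hash_equals() compares in constant time.
    return hash_equals($activeUsers[$username], hash('sha256', $token));
}

// Constructed walk-through; every value below is sample data.
$session = [];
issueToken($activeUsers, $session, 'alice');
var_dump(isAuthenticatedPost($activeUsers, $session));    // logged-in user

var_dump(isAuthenticatedPost($activeUsers, []));          // request with no session

$mismatch = ['username' => 'alice', 'id' => bin2hex(random_bytes(32))];
var_dump(isAuthenticatedPost($activeUsers, $mismatch));   // token not in the table

unset($activeUsers['alice']);                             // logout removes the row
var_dump(isAuthenticatedPost($activeUsers, $session));    // stale session afterwards
```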
