
Session, cookies and security

xedstr asked on
PHP
I'm missing some good explanation about how to use sessions and cookies for security.

It seems possible to create sessions in different ways. I already received the information (from VGR) that it is not good to use the HTTP Basic Authentication. So I already adapted my login-page that starts with a form with 2 fields for login_id and password.

At the top of this page I have put: session_start(). When I check in a subsequent page (where I have also put the session_start() statement) the existence of the session (with <?echo $_SESSION['thenameIgave']; ?>) => the name seems to be passed to the next page.
But how do I control in each subsequent page that it is still the same session? When I use the statement : if (session is registered('thenameIgave')) => I get an error message...

Other, not-registered persons may not have the possibility to enter those protected pages. Suppose that he knows the name of the restricted PHP-files and puts them directly in the browser => until now this person still has access to those pages? How can I avoid this?

Even when a person has passed a successful login -> I want to verify the time he is not active. After a period of 30 minutes of inactivity, I want the session to be destroyed. I think it has something to do with cookies...

Can anyone give me some good examples or reading material about these subjects?

Thanks for any help,
EDS
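
One way to do the per-page check and the 30-minute inactivity timeout asked about above, as an added example that is not part of the original post or of the accepted answer. The file name auth_guard.php, the function names, the 'last_activity' key and login.php are assumptions; 'login_id' is the form field named in the question.

```php
<?php
// auth_guard.php (hypothetical name): included at the top of every protected page.
const IDLE_LIMIT = 1800; // 30 minutes, in seconds

// Classify a session array at time $now: 'anonymous', 'expired' or 'active'.
function session_state(array $session, int $now, int $idleLimit = IDLE_LIMIT): string
{
    if (empty($session['login_id'])) {
        return 'anonymous'; // no login happened; typing the file's URL directly ends up here
    }
    $last = $session['last_activity'] ?? 0;
    return ($now - $last > $idleLimit) ? 'expired' : 'active';
}

function end_session(): void
{
    $_SESSION = []; // clear server-side data, then expire the browser's session cookie
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Call before any output; redirects to the login form unless the session is active.
function require_login(string $loginPage = 'login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $state = session_state($_SESSION, time());
    if ($state !== 'active') {
        if ($state === 'expired') {
            end_session();
        }
        header('Location: ' . $loginPage);
        exit;
    }
    $_SESSION['last_activity'] = time(); // each request restarts the 30-minute window
}

// Called by the login page once the password check (not shown) has succeeded.
function mark_logged_in(string $loginId): void
{
    session_regenerate_id(true); // fresh session id at login
    $_SESSION['login_id'] = $loginId;
    $_SESSION['last_activity'] = time();
}
```

Each protected page would start with require 'auth_guard.php'; require_login(); before sending any output, so a visitor who requests the file directly without a logged-in session is redirected instead of served.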







ASKER CERTIFIED SOLUTION
VGR
