troubleshooting Question

PHP5 - Best way to authenticate users on a small scale site.

Avatar of knuckle05
knuckle05 asked on
3 Comments1 Solution256 ViewsLast Modified:
Hi All,

I'm building a small site using PHP5, MySQL, and Apache.

What I'm wondering is this:

Say for example a user logs in and I set my various session variables to store their user name and encrypted password.

I then redirect them to their account page. This page and its arguments assume this form:


where 'id' = the user's account ID.

What is the best way to prevent the logged in user from manually changing the URL to "id=124", "id=125", etc. and then gaining access to another user's account?

My solution would be to include a file at the top of EVERY page that needs user authentication and check the session against the id URL argument, either by including a list of valid ID's in another session variable, or by opening up the database and doing a check.

Theoretically this would work, but is there a "better" or more elegant way to achieve this?


Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 3 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros