Keep "password ok" in php session variable?

Is it safe to store a password in a session variable?

For example, the use will be in a form that is left to its own devices.

For example, the ad change page, where users first enter the password and then, if the password is OK, are shown the form for changing the classified ad. All on one PHP page.

But whenever the image is loaded in the "change" part of the PHP page, the form should be sent to itself again.

Should I use a stored session password here to make sure that the user is actually a user and that he is safe?

In other words, is it safe to store something like this:

    if ($pass == $row['password']) { // If password was correct
        $_SESSION['pass_ok'] = '1';
    }

Thanks

+3
4

Camran, , , - php-. , , .    $_SESSION['pass_ok'] = '1';

session_start(), 1, , , -, .

- , . , .

  • SSl (https),
  • ip , , , ip
  • - , , .
+10

. , ( ) ( ) .

+1

,

  • + userLOGGEDIN session
  • , + userLOGGEDIN, true , , , , , + userLOGGEDIN MD5 HASH. , , .
0

I would advise doing this. If someone logs in and copies the session ID, they can theoretically log into any page. I would advise you to check the password in the order on each page refresh, as this will be more secure.

Also, always store passwords hashed in the database, or better yet, hashed salts.

-2
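The points raised across the answers (keep a login marker rather than the password in the session, hash passwords in the database, use HTTPS, re-check the user on every request, and bind the session to something the attacker cannot trivially copy) fit together in one self-posting page. The following is an added example, not code from the question or from any of the answers. It assumes a PDO connection `$pdo` and a hypothetical `users` table with columns `id`, `username` and `password_hash`, where `password_hash` was produced by PHP's `password_hash()`; the `login()` and `requireLogin()` function names are also assumptions.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical schema and helper names; not from the original post).

// Cookie hardening must be configured before session_start().
ini_set('session.use_strict_mode', '1');      // refuse session IDs the server did not issue
session_set_cookie_params([
    'httponly' => true,   // JavaScript cannot read the session cookie
    'secure'   => true,   // cookie only travels over HTTPS
    'samesite' => 'Lax',
]);
session_start();

/**
 * Verify the credentials. On success, rotate the session ID and record
 * WHO is logged in (user id), never the password itself.
 */
function login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() handles the salted hash from password_hash() and is
    // timing-safe; no plaintext comparison like $pass == $row['password'].
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }

    session_regenerate_id(true);   // a session ID issued before login becomes useless
    $_SESSION['user_id']  = (int) $row['id'];
    $_SESSION['ua_hash']  = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
    $_SESSION['login_at'] = time();
    return true;
}

/**
 * Gate that every request to the edit page (the initial GET, the self-post,
 * the image upload) passes through. Returns the logged-in user id or
 * destroys the session and redirects to the login page.
 */
function requireLogin(int $maxAgeSeconds = 1800): int
{
    $uaHash = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
    $expired = time() - (int) ($_SESSION['login_at'] ?? 0) > $maxAgeSeconds;

    if (!isset($_SESSION['user_id']) || ($_SESSION['ua_hash'] ?? '') !== $uaHash || $expired) {
        $_SESSION = [];
        session_destroy();
        header('Location: /login.php');
        exit;
    }
    return (int) $_SESSION['user_id'];
}

// Usage inside the self-posting "change ad" page.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['username'], $_POST['password'])) {
    if (!login($pdo, (string) $_POST['username'], (string) $_POST['password'])) {
        http_response_code(401);
        exit('Wrong username or password');
    }
}
$userId = requireLogin();
// ... render or process the edit form for $userId; every later self-post
// runs requireLogin() again instead of trusting a bare 'pass_ok' flag.
```

Storing the user id instead of a `'1'` flag lets every later request re-derive which ad the user may edit from the session, while `session_regenerate_id()` after a successful login and `session.use_strict_mode` address the session-ID copying concern raised in the last answer. Binding to the User-Agent is a weak check (it is attacker-controlled) and is shown only as the lightweight variant of the IP-binding idea from the first answer; a short idle timeout does more.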

Source: https://habr.com/ru/post/1769954/
