What to store in a session

If the user successfully enters the password and username and you want to establish a session, what data should the session contain? I'm pretty confused by this. I read that it should be a randomly generated string; is it possible to store a hashed user_id + salt? I want to make sure that this is really the correct user:

The form:

<form method="POST" action="">
<input type="hidden" name="auth_token" value="<?php echo $form_token; ?>">
Username: <input type="text" name="username">
Password: <input type="password" name="password">
<input type="submit" name="action" value="Login">
</form>

I want to do something like the following:

if form token in session = form_token var in form
  if username and password are correct
    set session hash(user_id + salt)

Edit: I forgot to add, most likely, it will be on shared hosting.

+3
4 answers

. cookie , " " , . -, , , .

.

$_SESSION["UserAuthenticated"] = true;
$_SESSION["UserID"] = $userID;
+7

.

, .., , cookie. , .

+1

. - , , , . .

+1

, , ? , :

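<?php
// The session must be started before $_SESSION can be used.
session_start();

// Demo credentials only; strict comparison avoids PHP type juggling.
if (($_POST["username"] ?? '') === 'test' && ($_POST["password"] ?? '') === 'test') {
   // Issue a fresh session ID on login so a pre-login ID cannot be reused.
   session_regenerate_id(true);
   $_SESSION['authenticated'] = true;
}

?>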
+1
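
The flow from the question (check the form token, verify the credentials, then set the session), storing the two values from the first answer, written out as an added example that is not code from the thread. The user table, its password and the function names are constructed for illustration; the session holds the plain user ID on the server, and the random string the browser carries is the session ID PHP generates itself.

```php
<?php
// Added example, not code from the thread. The user table, its password,
// and the function names are constructed for illustration.

// Constructed user store: username => [id, password hash].
function demo_users(): array {
    return ['alice' => ['id' => 42, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];
}

// Call when rendering the form: one random token per session.
function issue_form_token(): string {
    if (empty($_SESSION['form_token'])) {
        $_SESSION['form_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['form_token'];
}

// Returns true and marks the session as logged in, or false on any failure.
function handle_login(array $post): bool {
    $sent = $post['auth_token'] ?? '';
    $expected = $_SESSION['form_token'] ?? '';
    // Constant-time comparison; reject if no token was ever issued.
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        return false;
    }
    $username = $post['username'] ?? '';
    $password = $post['password'] ?? '';
    if (!is_string($username) || !is_string($password)) {
        return false;
    }
    $user = demo_users()[$username] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    // New session ID after login, so a pre-login ID cannot be reused (fixation).
    session_regenerate_id(true);
    unset($_SESSION['form_token']);
    // Session data stays on the server; the browser only holds the session ID.
    $_SESSION['UserAuthenticated'] = true;
    $_SESSION['UserID'] = $user['id'];
    return true;
}

session_start();
$form_token = issue_form_token();   // value for the hidden auth_token field
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    handle_login($_POST);
}
```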

Source: https://habr.com/ru/post/1782684/

