My site needs a way to know whether a user is an admin or not in multiple pages. So is it safe to store whether a user is an admin or not in session variable? Or is there a better alternative (Maybe another superglobal variable?), It will only hold a number.
athulram 0 Newbie Poster
phorce 131 Posting Whiz in Training Featured Poster
Hey,
Yes, I would say it's safe, well, safer than using something like a cookie (Because a SESSION is server side). You could also store the users IP (or other validation checks) which are then checked everytime the data is then used. This could be one option. Also destroy the session after a certain time / inactivity; it depends on the nature of the site though.
Hope this helps :)
veedeoo 474 Junior Poster Featured Poster
Hi,
You can try logging in the admin first, and then generate a random security salt, assign this salt to session e.g. $SESSION['security'] = 1653e9gg4r99s@$7700)llls434rf853~, and then on your member's database table, you must insert this in session column. While the admin hops over pages, you can double check if the session salt still matches with the one recorded on the database. Session expiration will help also e.g. 45 minutes to generate a new salt, update database session column. Upon logout of the admin database session entries should also be unset. In my logged in sytem, I post salt as session, and then the IP address of logged in members.
BenzZz 0 Junior Poster
Sessions should be fine, and the data could be secured more with encryption as stated in the post above. Sessions are actually PHP's way of encapsulating cookies thus cookies still are being used however session data cannot be accessed directly as opposed to cookies.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.