PHP URL Session

Question

cguan_77 8 Nearly a Posting Virtuoso

7 Years Ago

Hello guys, just need your insight.

Just a noobie in PHP, I have this scenario after a user logged in and is authenticated. It will be redirected to another URL.

If the user booked mark the URL and next time just go directly to the URL.

What's the best way to check whether the user is authenticated or not? So if the user don't have the session or had bypassed the login, the URL won't load.

Thanks in advance.

php

2 Contributors
4 Replies
366 Views
4 Days Discussion Span
Latest Post 7 Years Ago Latest Post by cguan_77

diafol

7 Years Ago

Not sure if you were interested in a "remember me" option. This page has some great advice on authentication security.

https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#title.2

cereal commented: great resource! +14

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

diafol · Answer 1 · 2017-06-19T08:31:10+00:00

I'm not sure what you need, but in general if you have a members only page, then you'd protect it with something like:

session_start();
if(!isset($_SESSION['id'])) {
    header('Location: notmember.php');
    exit;
}

That's pretty basic though.

cguan_77 8 Nearly a Posting Virtuoso · Answer 2 · 2017-06-24T00:44:08+00:00

Thanks Diafol, just starting PHP don't have really much knowledge. Thanks for the input.

What sort of security do I need to employ on it?

$_session is not prone to session hijacking? or smart users work around?

cguan_77 8 Nearly a Posting Virtuoso · Answer 3 · 2017-06-24T00:46:42+00:00

The link Diafol is awesome, SHA is not yet broken right? Just kidding, I will take a look on it. Thanks again.
Cheers!