Thread: Php sessions?

    #1
  1. No Profile Picture
    Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2003
    Location
    Yerevan, Armenia
    Posts
    224
    Rep Power
    12

    Php sessions?


    Hi guys,
    I would like to hear your opinion on whether it's secure to use php sessions, for authentication in something like a chat system. I personally believe that it would be better to write a db based mechanism instead.
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2001
    Posts
    102
    Rep Power
    13
    how would you want it to be session based only?
    the login and password (or whatever) you store in a session, yes. but you need to compare it to some other values (ie. db, text file, cookie)...
  4. #3
  5. mod_dev_shed
    Devshed Supreme Being (6500+ posts)

    Join Date
    Sep 2002
    Location
    Atlanta, GA
    Posts
    14,817
    Rep Power
    1099
    This topic has been covered extensively. Search the forums to find some really nice threads on PHP session security and the different ways to approach it.
  6. #4
  7. No Profile Picture
    Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2003
    Location
    Yerevan, Armenia
    Posts
    224
    Rep Power
    12
    I did not mean storing passwords in session variables. I meant compating the password the user entered with the one in the db, and then if they matched registering a session. That way you could check whether the session is registered at each user action, e.g. posting in a forum.

IMN logo majestic logo threadwatch logo seochat tools logo