best authentication method PHP5
Earlier I would take username and password, match with db and on success redirect.
Code:
session_register("myusername");
On every page that is viewed I would include a file that checks if the session is registered or not.
Now that session_register is deprecated, I did try to google a lot to see what would be the best way to authenticate. With the above method I always noticed lots of hacking, session hijacking happening.
WHAT IS THE BEST AND MOST SECURED AND EFFICIENT WAY TO AUTHENTICATE. IS THERE AN OBJECT ORIENTED WAY OF ACCOMPLISHING THIS?
thank you
Re: best authentication method PHP5
Always use session_name(), not session_register().
Re: best authentication method PHP5
Quote:
Originally Posted by PeejAvery
Always use session_name(), not session_register().
Should I provide the name?
Also, what should I check for in other pages to make sure unauthenticated users do not access those pages?
Re: best authentication method PHP5
Always provide a name...unless you want session stealing and poor security.
Upon logging in, save the current user to a session variable named user. Then check for that session variable at the beginning of every page.
Re: best authentication method PHP5
Quote:
Originally Posted by PeejAvery
Always provide a name...unless you want session stealing and poor security.
Upon logging in, save the current user to a session variable named user. Then check for that session variable at the beginning of every page.
Would the below be right?
Code:
// mysql query results in a match.
session_name('mysite');   // hypothetical fixed name; must be set before session_start()
session_start();
$user = $data['username'];
$_SESSION['user'] = $user;
AND ON EVERY PAGE CHECK BELOW
Code:
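session_name('mysite');   // same hypothetical name as at login
session_start();
if (!isset($_SESSION['user'])) {
    // redirect to index.php
    header('Location: index.php');
    exit;
}
// good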
Please correct me if it's not the most efficient way.
Re: best authentication method PHP5
It works...but instead of putting the code at the top of every page...create an authentication.php file and require it at the top of every page.
Re: best authentication method PHP5
Quote:
Originally Posted by PeejAvery
It works...but instead of putting the code at the top of every page...create an authentication.php file and require it at the top of every page.
Yeah, I know it works... Yeah, I will include it in a file, but is this the best way? I wish to know if there is a better way I can accomplish this.
Re: best authentication method PHP5
Yes. A required header file is the only way to assure security across all the pages.
Re: best authentication method PHP5
Quote:
Originally Posted by PeejAvery
Yes. A required header file is the only way to assure security across all the pages.
What do you mean by a required header file is the only way to assure security?
Re: best authentication method PHP5
If you don't require a header file at the top...then how do you expect to restrict its access? Other than .htaccess...but that excludes any database interaction.
Re: best authentication method PHP5
Quote:
Originally Posted by PeejAvery
If you don't require a header file at the top...then how do you expect to restrict its access? Other than .htaccess...but that excludes any database interaction.
Gotcha... would session_destroy be the right way on a logout?
Re: best authentication method PHP5
Re: best authentication method PHP5
It may be interesting to keep your sessions in a database as well. On a shared server this may resolve security issues with other websites hosted on the same box.
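The login, per-page check and logout steps discussed in this thread, gathered into one required file as an added example that is not code from any poster. It assumes PHP 7.3 or later, HTTPS, a hypothetical session name `myapp_sid`, and `index.php` as the login page as in the thread.

```php
<?php
// authentication.php: added example; require it at the top of every page.
// Assumptions: PHP 7.3+, HTTPS, index.php is the login page.
const SESSION_NAME = 'myapp_sid';        // constructed name, not from the thread

function start_secure_session(): void
{
    session_name(SESSION_NAME);          // must run before session_start()
    session_start([
        'cookie_httponly'  => true,      // cookie not readable from JavaScript
        'cookie_secure'    => true,      // cookie sent over HTTPS only
        'cookie_samesite'  => 'Lax',     // limits cross-site sending of the cookie
        'use_strict_mode'  => true,      // reject session IDs the server did not issue
        'use_only_cookies' => true,      // never accept the session ID from the URL
    ]);
}

// Call once, right after the username/password check succeeds.
function log_in(string $username): void
{
    session_regenerate_id(true);         // new ID at login, so a pre-set ID is useless
    $_SESSION['user'] = $username;
}

// Call at the top of every protected page; returns the logged-in user name.
function require_login(): string
{
    if (!isset($_SESSION['user'])) {
        header('Location: index.php');
        exit;                            // a redirect header alone does not stop the script
    }
    return $_SESSION['user'];
}

function log_out(): void
{
    $_SESSION = [];                      // clear the data held in this request
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);  // expire the cookie
    session_destroy();                   // remove the server-side session record
}

start_secure_session();
```

A protected page then begins with `require 'authentication.php'; $user = require_login();`, and the logout page calls `log_out()` before redirecting.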