Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New to the CF scene
    Join Date
    Dec 2006
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Securing pages with sessions

    I've created my own login system. I have all protected pages using sessions for security. If the session doesn't exist the user is directed to the login page.

    I just want to know if this method is recommended (or not) and if there is anything else I should be doing to secure the protected pages.

    Thanks for your advice.

  • #2
    ess
    ess is offline
    Regular Coder
    Join Date
    Oct 2006
    Location
    United Kingdom
    Posts
    866
    Thanks
    7
    Thanked 30 Times in 29 Posts
    Without looking at your code, it is quite difficult to state whether you have applied good security policies in your code or not.

    However, session vars are usually used for securing parts of a website in order to track who has logged in and who has not. But, there are many techniques out there to apply these policies...for example, a lot of people make use of a database to store session variables data.

    Here is a well known tutorial on how to make use of MySql to store session data.

    http://www.devshed.com/c/a/PHP/Creat...-Login-Script/

    Also, I would consider using SSL. There are a number of organisations that provide free SSL and it is strongly recommended that you use one.

    Good luck
    Ess


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •