How secure would you want it? Is this a public-facing web application?

Are you in a shared hosting environment vs. a dedicated hosting environment? Do you require alternative session management such as database or mcache vs. flat file session support?

Have you thought about cross-site request forgeries, session hijacking, etc.?

There are tons of things to take into consideration but setting a flag per user session is indeed one method of ensuring a user has authenticated.

Vinay Kannan wrote:
Hey Guys,

I need some help on efficient session management, right now what I do is
check if the user has logged in using his username, and create a
SESSION['logged']=1, setting a login flag actually, I am not sure if this is
the best way ?

What do you guys use for sessions, and which is the best possible way ?
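
An added example, not part of the thread and not code from either poster: the `$_SESSION['logged']` flag from the question, combined with the two concerns the reply raises (session hijacking and cross-site request forgery). The function names, the `user_id`, `last_seen` and `csrf_token` keys and the 30-minute idle limit are assumptions made for illustration; the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; none of these names come from the thread.

function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1'); // reject session IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // cookie is sent over HTTPS only
        'httponly' => true,    // cookie is not readable from JavaScript
        'samesite' => 'Lax',   // limits cross-site sends (defence in depth for CSRF)
    ]);
    session_start();
}

function mark_logged_in(int $userId): void
{
    session_regenerate_id(true);   // new ID at login, so a pre-login (fixated) ID is useless
    $_SESSION['logged']     = 1;   // the login flag from the question
    $_SESSION['user_id']    = $userId;
    $_SESSION['last_seen']  = time();
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // per-session anti-CSRF token
}

function log_out(): void
{
    $_SESSION = [];     // clear the flag and everything stored with it
    session_destroy();  // remove the server-side session data
}

function is_logged_in(int $idleLimit = 1800): bool
{
    if (($_SESSION['logged'] ?? 0) !== 1) {
        return false;
    }
    if (time() - ($_SESSION['last_seen'] ?? 0) > $idleLimit) {
        log_out();      // idle sessions expire, shrinking the window for a stolen ID
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}

function csrf_token_valid(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    // hash_equals() compares in constant time
    return $expected !== '' && is_string($submitted) && hash_equals($expected, $submitted);
}
```

State-changing requests would check both `is_logged_in()` and `csrf_token_valid($_POST['csrf_token'] ?? null)` before acting; the flag alone only says that a login happened at some point in this session.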



