Re: [PHP-DB] session management

2010-04-23 Thread Jason Gerfen
Here I have a blog I set up but have not finished regarding web 
application authentication which includes source code and classes you 
can utilize.


Unfortunately I have not been able to finish writing the article due to 
three jobs and school work. I can however assist you in getting it up 
and running via this message board.


http://wtf-jas.blogspot.com/2010/04/web-application-authentication.html

Richard Quadling wrote:
> On 22 April 2010 18:56, Vinay Kannan viny...@gmail.com wrote:
>> Hey Guys,
>>
>> I need some help on an efficient session management, right now what I do is
>> check if the user has logged in using his username, and create a
>> SESSION['logged']=1, setting a login flag actually, I am not sure if this is
>> the best way ?
>>
>> What do you guys use for sessions, and which is the best possible way ?
>>
>> Thanks,
>> Vinay
>
> https://code.google.com/p/loginsystem-rd/
>
> This was developed as an easy drop-in secure login facility.
>
> It may give you some mileage.

--
Jas


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP-DB] session management

2010-04-22 Thread Jason Gerfen

How secure would you want it? Is this a public facing web application?

Are you in a shared hosting environment vs. a dedicated hosting 
environment? Do you require alternative session management such as 
database or mcache vs. flat file session support?

Have you thought about cross site request forgeries? Session hijacking etc.?

There are tons of things to take into consideration but setting a flag 
per user session is indeed one method of ensuring a user has authenticated.


Vinay Kannan wrote:
> Hey Guys,
>
> I need some help on an efficient session management, right now what I do is
> check if the user has logged in using his username, and create a
> SESSION['logged']=1, setting a login flag actually, I am not sure if this is
> the best way ?
>
> What do you guys use for sessions, and which is the best possible way ?
>
> Thanks,
> Vinay


--
Jas
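
The points raised in the message above (the login flag, session hijacking, cross-site request forgery), sketched as an added PHP example; it is not code from the thread or from either linked project. It assumes PHP 7.4+ served over HTTPS, and `verify_credentials()` with its sample account is a hypothetical stand-in for the application's own check.

```php
<?php
// Added example, not from the thread. verify_credentials() is hypothetical.

function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1');   // reject session IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept a session ID from the URL
    session_set_cookie_params([
        'secure'   => true,    // cookie is sent over HTTPS only
        'httponly' => true,    // cookie is not readable from page scripts
        'samesite' => 'Lax',   // cookie is withheld on cross-site POSTs
    ]);
    session_start();
}

function verify_credentials(string $user, string $pass): bool
{
    // One constructed account instead of a database lookup.
    static $hash = null;
    $hash ??= password_hash('constructed-sample-password', PASSWORD_DEFAULT);
    return $user === 'demo-user' && password_verify($pass, $hash);
}

function log_in(string $user, string $pass): bool
{
    if (!verify_credentials($user, $pass)) {
        return false;
    }
    session_regenerate_id(true);      // fresh ID at login; any pre-login ID stops working
    $_SESSION['logged'] = 1;          // the login flag from the original question
    $_SESSION['last_seen'] = time();
    $_SESSION['csrf'] = bin2hex(random_bytes(32)); // per-session anti-CSRF token
    return true;
}

function is_logged_in(int $idleLimit = 1800): bool
{
    if (empty($_SESSION['logged']) || time() - ($_SESSION['last_seen'] ?? 0) > $idleLimit) {
        $_SESSION = [];               // idle or unauthenticated: drop all session state
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}

function csrf_ok(string $submitted): bool
{
    // Constant-time comparison of the form's token with the session's token.
    return isset($_SESSION['csrf']) && hash_equals($_SESSION['csrf'], $submitted);
}
```

Each state-changing form would carry `$_SESSION['csrf']` in a hidden field, and the handler would require both `is_logged_in()` and `csrf_ok()` before acting.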





Re: [PHP-DB] session management

2010-04-22 Thread Vinay Kannan
Hi Jason,

Yes this is going to be a public facing application with 3 level hierarchy,
and maybe around 100 tiny companies (3-4 employees) using it.

App is going to be on a Hosted Server.

DB session mgmt would be a bit slower, is it? I have thought about cross
site forgery and session hijacking, but the more I think about it, I realize
the lesser I know about it all :(

So thought this would be the best place to start.
Thanks,
Vinay

On Thu, Apr 22, 2010 at 11:19 AM, Jason Gerfen jason.ger...@scl.utah.edu wrote:

> How secure would you want it? Is this a public facing web application?
>
> Are you in a shared hosting environment vs. a dedicated hosting
> environment? Do you require alternative session management such as database
> or mcache vs. flat file session support?
>
> Have you thought about cross site request forgeries? Session hijacking etc.?
>
> There are tons of things to take into consideration but setting a flag per
> user session is indeed one method of ensuring a user has authenticated.
>
> Vinay Kannan wrote:
>
>> Hey Guys,
>>
>> I need some help on an efficient session management, right now what I do is
>> check if the user has logged in using his username, and create a
>> SESSION['logged']=1, setting a login flag actually, I am not sure if this is
>> the best way ?
>>
>> What do you guys use for sessions, and which is the best possible way ?
>>
>> Thanks,
>> Vinay
>
> --
> Jas




Re: [PHP-DB] Session management

2002-02-07 Thread Peter J. Schoenster

On 7 Feb 2002, at 18:36, Danny Kelly wrote:

> Hello,
> I am trying to set up a session management system for my site. Check
> out my site (under development)
> http://www.planttel.com/newsite2/home.php I have a user auth system
> installed already. What I want is when a customer clicks on log in
> that it will prompt them for a user name and password (which I have
> established) with a check box that says "Remember my password". So when
> the user comes to the site they will already be logged.. Can someone
> shed some light on that for me.. A TOTAL NEWBIE!!!

You should read the following. The example code is in Perl but the 
concepts are the same:

 Basic Cookie Management

http://www.stonehenge.com/merlyn/WebTechniques/col61.html

Randal really slams bad cookie management.  

Me, I don't like using cookies at all anyhow. I like putting it in the url.

Perl has more than a few CPAN modules to handle this.  But it would be a 
lot of work to re-write any of those in PHP. I'm pretty much a PHP newbie 
myself. I often look here for classes:

http://phpclasses.upperdesign.com/

And here are some for session management:

http://phpclasses.upperdesign.com/browse.html/class/21/

I just recently put Sessionara on a site I'm developing but the docs are 
skimpy and it didn't work for me out of the box as I would have liked. But 
you might want to look at it. One thing is that it uses global and I HATE 
using global. This does not use cookies.

I think you want a system that uses cookies. Try phpbuilder.net

http://phpbuilder.net/search/?sort=Scoremethod=andconfig=forumrestrict=exclude=words=sessions

Lots of stuff there. They probably have an article.

Peter







---
Reality is that which, when you stop believing in it, doesn't go
away.
-- Philip K. Dick
