I am a first-time PHP developer.
I track sessions this way:
    session_start();
    if (!isset($_SESSION['user']->iduser)) {
        die('Access denied. <br><a href=login.php>Please login</a>');
    }
Is that the correct approach?
Your code makes it seem as though you’re storing an entire object into a session-variable which would not be a great idea (could take up a lot of space, stores way too much data, is it even possible without serialize/unserialize?).
Also, if your user hasn’t been authenticated yet your code would throw a warning because $_SESSION['user'] isn’t set yet – so by checking for $_SESSION['user']->iduser, you’d be checking for a property/value on a null object. Your code should check if (isset($_SESSION['user'])) {, and then possibly validate on that.

I would recommend just storing the “essentials” in the session such as the user’s ID/username and encrypted password. Then, during each page load you re-validate the information against the database. It’s an extra query on each page-load, but it’s worth it (in my opinion).
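The per-request check described in the answer above, as an added example that is not part of the original question or answer: the session key is tested with isset() first, then re-validated against the database on every page load. Assumptions: this sketch keeps only the user ID in the session, and the users table, its columns (id, username, active), the user_id session key and the helper names current_user() and log_in() are all hypothetical; an in-memory SQLite database with one constructed row stands in for the real one.

```php
<?php
declare(strict_types=1);

/**
 * Return the current user's row, or null if the session does not identify
 * a user who still exists and is active in the database.
 * (Hypothetical helper; table and column names are assumptions.)
 */
function current_user(PDO $db): ?array
{
    // Test the session key itself; only a scalar ID is stored, not an object.
    if (!isset($_SESSION['user_id']) || !is_int($_SESSION['user_id'])) {
        return null;
    }
    // Re-validate against the database on every page load.
    $stmt = $db->prepare('SELECT id, username FROM users WHERE id = ? AND active = 1');
    $stmt->execute([$_SESSION['user_id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        // Account removed or disabled since login: drop the stale session data.
        $_SESSION = [];
        return null;
    }
    return $row;
}

/** Call once from the login page, after the credentials have been verified. */
function log_in(int $userId): void
{
    session_regenerate_id(true); // issue a fresh session ID at login
    $_SESSION['user_id'] = $userId;
}

// Constructed demo data: in-memory SQLite instead of the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, active INTEGER)');
$db->exec("INSERT INTO users VALUES (1, 'alice', 1)");

session_start();
$user = current_user($db);
if ($user === null) {
    http_response_code(403);
    die('Access denied. <br><a href="login.php">Please login</a>');
}
echo 'Hello, ' . htmlspecialchars($user['username'], ENT_QUOTES, 'UTF-8');
```

Because the lookup runs on each request, disabling or deleting the account row takes effect on the user's next page load rather than when the session expires.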