I have a web app in which after user is logged in, he/she has

Question

0

Editorial Team

Asked: June 16, 20262026-06-16T12:18:17+00:00 2026-06-16T12:18:17+00:00

I have a web app in which after user is logged in, he/she has

0

I have a web app in which after user is logged in, he/she has cookie set for username set by setcookie().

Please suggest better approach for security.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-16T12:18:19+00:00

Use PHP sessions instead of cookies. The session variables are server-side. PHP will automatically handle the session management. You can also overload its functionality if you want more control.

http://php.net/manual/en/intro.session.php

session_start();

$_SESSION['user'] = 'michael'

With PHP-sessions, only a session identifier is stored in the browser cookies. You can store any information in the superglobal variable $_SESSION, and the browser will not be able to see or tamper with these variables.

For extra safety, you should store the remote address that was used to login, and compare it on each page load. This is to make sure that nobody hijacked the session id and is pretending to be logged in from another location.

session_start();

if (_logging_in__) {
   $_SESSION['user'] = 'michael'
   $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
}

To see if a user is logged in.

session_start();

if (isset($_SESSION['user'])) {
   // the user is logged in
   if ($_SERVER['REMOTE_ADDR'] != $_SESSION['ip']) {
      // the session id was hijacked so log out
      session_destroy();
      exit;
   }
}

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a web app in which after user is logged in, he/she has

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply