I’m fairly new to PHP and am looking for some best practices on how to implement authentication in PHP.
I’m an evangelist for Adobe and one of the things that annoys me is when people use Flex/Flash for the login screen. So I want to do a blog post/example on using an HTML/PHP login page and then passing the session information to Flex -after- the session has been set.
I’m still wrapping my head around exactly what PHP needs to create a valid session and how it sets cookies. So examples or information that specifically relate to that would be very helpful.
Thanks in advance,
=Ryan ryan@adobe.com
As has been said, there’s quite a lot to creating a robust and secure authentication system in PHP, but the fundamentals are easy to grasp.
The first thing you want to do is call session_start(). Once you’ve done this you can get and set session variables using the $_SESSION superglobal:

Once you’ve done this you can set log in details for the current user upon a successful log in and have them persist over pages (remembering to call session_start before using them). Also, session_start must be called before any content is sent to the browser.

There are security issues to consider, such as session fixation and cookie theft, however. One approach to session fixation, for example, is to regenerate the user’s session ID upon elevation of privileges using PHP’s session_regenerate_id (or something like that).

The PHP Security Consortium has lots of useful info.

Cookies can be manipulated using the setcookie function.
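
The login flow described in the answer above, as an added example that is not part of the original answer: it starts the session before any output, hardens the session cookie, and regenerates the session ID on a successful login. It assumes PHP 7.3 or later; `find_user`, `start_session`, `log_in`, the sample user and `app.php` are hypothetical names introduced for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample user store (assumption); a real site would query a database.
function find_user(string $name): ?array
{
    $users = ['alice' => ['id' => 1, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];
    return $users[$name] ?? null;
}

function start_session(): void
{
    // Cookie flags must be set before session_start(), which in turn must run
    // before any output is sent, because the session ID travels in a Set-Cookie header.
    session_set_cookie_params([
        'lifetime' => 0,      // cookie is discarded when the browser closes
        'path'     => '/',
        'secure'   => true,   // HTTPS only; set to false only for local HTTP testing
        'httponly' => true,   // hidden from page scripts, which limits cookie theft
        'samesite' => 'Lax',
    ]);
    session_start();
}

function log_in(string $name, string $password): bool
{
    $user = find_user($name);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    // Privilege elevation: issue a new session ID and delete the old session,
    // so an ID fixed by someone else before login no longer works.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $user['id'];
    return true;
}

start_session();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (log_in((string) filter_input(INPUT_POST, 'username'), (string) filter_input(INPUT_POST, 'password'))) {
        header('Location: app.php');   // hypothetical page that embeds the Flex client
        exit;
    }
    http_response_code(401);
}
?>
<form method="post"><input name="username"> <input name="password" type="password"> <button>Log in</button></form>
```

Later pages call `start_session()` first and then treat the request as authenticated only when `$_SESSION['user_id']` is set.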