I’m new to PHP and trying to get my head around security.
I have an admin page that gives access to certain administrative tasks. Right now, it lets you repopulate database tables with some seed data.
To access the admin page, you first need to log in. Currently the login is not over HTTPS (it will be soon).
If you authenticate, a token is written into $_SESSION. In every admin page, the token is checked. If invalid, the page is redirected to the login page.
My question:
Is this the proper way to “lock” down sensitive administrative tasks in PHP? Checking a value inside the $_SESSION variable? What more should I be doing?
That’s pretty much the standard way to do it. Authenticate the user against your user database / password file / some other authentication data, store the state of authentication in a session variable and finally check whether the session variable is properly set every time the user attempts to make an action that requires authorization.
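A concrete version of the pattern described in the answer, added here as an illustration and not code posted by the asker or the answerer. It assumes a small guard file that every admin script includes before doing anything else; the user record, the `/login.php` redirect target and the `reseed.php` script name are constructed for the example, and the user "database" is an in-memory array so the snippet runs stand-alone. Beyond the bare `$_SESSION` check, it shows the things that usually accompany it: hardened session cookie flags, `password_verify()` for the credential check, a fresh session id on login so a pre-login id cannot be reused, an `exit` right after the redirect so the protected code never runs, and a per-session CSRF token for state-changing actions such as repopulating tables.

```php
<?php
// admin_guard.php -- added example, not the original poster's code.
declare(strict_types=1);

// Harden the session cookie before the session is started. 'secure' only
// has an effect once the site is served over HTTPS.
session_set_cookie_params([
    'lifetime' => 0,        // session cookie, discarded when the browser closes
    'path'     => '/',
    'secure'   => true,     // cookie is only sent over TLS
    'httponly' => true,     // not readable from JavaScript
    'samesite' => 'Strict', // not sent on cross-site requests
]);
session_start();

// Constructed stand-in for the users table: the hash is generated at load
// time so the example is self-contained. A real app reads it from the DB.
$USERS = [
    'admin' => ['hash' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)],
];

// Verify credentials and, on success, establish the authenticated session.
function login(array $users, string $username, string $password): bool
{
    // Verify against a dummy hash when the user is unknown so the response
    // time does not reveal which usernames exist.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $hash  = $users[$username]['hash'] ?? $dummy;

    if (!isset($users[$username]) || !password_verify($password, $hash)) {
        return false;
    }

    session_regenerate_id(true);   // new id: defeats session fixation
    $_SESSION = [
        'admin'      => true,
        'user'       => $username,
        'login_time' => time(),
        'csrf'       => bin2hex(random_bytes(32)),
    ];
    return true;
}

// Call at the top of every admin script. Redirects unauthenticated users and
// rejects state-changing POSTs that lack the session's CSRF token.
function require_admin(string $loginUrl = '/login.php', int $maxAge = 3600): void
{
    $age = time() - (int) ($_SESSION['login_time'] ?? 0);
    if (empty($_SESSION['admin']) || $age > $maxAge) {
        logout();
        header('Location: ' . $loginUrl, true, 303);
        exit; // never fall through into the protected code
    }

    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $sent = $_POST['csrf'] ?? '';
        if (!is_string($sent) || !hash_equals($_SESSION['csrf'], $sent)) {
            http_response_code(403);
            exit('Invalid CSRF token');
        }
    }
}

// Hidden input to include in every admin form that performs an action.
function csrf_field(): string
{
    $token = htmlspecialchars($_SESSION['csrf'] ?? '', ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf" value="' . $token . '">';
}

// Clear session data and the cookie so a logged-out id cannot be reused.
function logout(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}
```

In a protected script such as the constructed `reseed.php`, the first lines would be `require __DIR__ . '/admin_guard.php'; require_admin();`, and the form that triggers the reseed would be a POST containing `csrf_field()`. The `exit` after `header('Location: ...')` matters: a redirect header alone does not stop PHP from executing the rest of the page.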