Re: Handling sessions through cookies, is it safe?
- From: totalstranger <totalstranger@xxxxxxxxxxxxx>
- Date: Mon, 17 Jul 2006 08:48:23 -0400
On or about 7/16/2006 8:55 PM, it came to pass that s a n j a y wrote:
romayankin@xxxxxxxxx wrote:
Agreed.
I need to limit the session time for a particular user who is working
on my site. I'd also like to extend the session time each time user
performs some action (moves from one page to another). I've written the
following code to accomplish this task
/* Extending session */
if (isset($_COOKIE['username'])) {
    setcookie("username", $_POST['username'], time()+3600);
}
Variable $_COOKIE['username'] right after the authorization is
completed.
The problem is that I don't think this is a safe way to handle
sessions. Perhaps I should use $_SESSION global array to store the
username of the logged user?
In my opinion, all you should store in a cookie is the session-id. Everything else, you store on the server in either a global session variable or in a database.
Set a session variable with php time() and do your own timeout.
session_start(); // required before $_SESSION can be read or written
// break this session and restart when over 10 minutes
if (isset($_SESSION['$Server_time']) && (time() - $_SESSION['$Server_time']) > 600) {
    $_SESSION = array();
}
$_SESSION['$Server_time'] = time(); // time in seconds
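The approach suggested in this thread (only the session id in the cookie, username and a sliding idle timeout kept on the server), as an added example that is not code from any of the posters. The function names, the `last_seen` key and the `/login.php` path are hypothetical, and the array form of `session_set_cookie_params()` assumes PHP 7.3 or later.

```php
<?php
const IDLE_LIMIT = 600; // seconds of inactivity allowed (the 10 minutes used above)

// Record a successful login. Call only after credentials were verified.
function log_in(array &$session, string $username, int $now): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // new id after login, old one is discarded
    }
    $session = ['username' => $username, 'last_seen' => $now];
}

// Return the logged-in username, or null when there is no login or the
// session sat idle longer than IDLE_LIMIT. A valid request slides the window.
// Nothing sent by the client except the session id is consulted.
function touch_session(array &$session, int $now): ?string
{
    $last = $session['last_seen'] ?? null;
    if (!isset($session['username']) || $last === null
        || ($now - $last) > IDLE_LIMIT) {
        $session = []; // drop all server-side state
        return null;
    }
    $session['last_seen'] = $now;
    return $session['username'];
}

if (PHP_SAPI !== 'cli') {
    // Web request: the browser only ever holds the opaque session id.
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_start();
    if (touch_session($_SESSION, time()) === null) {
        header('Location: /login.php'); // hypothetical login page
        exit;
    }
} else {
    // Constructed walk-through with fixed timestamps (run: php file.php).
    $s = [];
    log_in($s, 'alice', 1000);
    var_dump(touch_session($s, 1500)); // 500 s after login
    var_dump(touch_session($s, 2000)); // 500 s after the previous request
    var_dump(touch_session($s, 2700)); // 700 s idle, past IDLE_LIMIT
    var_dump($s);                      // state left after expiry
}
```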