$_SESSION General

Do sessions use cookies? It is possible to use PHP sessions without a cookie by adding the session ID to URLs; by default, however, a single cookie is stored holding a unique session ID. The server stores the actual session values, and the user's browser stores their unique ID for the server […]


$_SESSION security

$_SESSION[] in PHP is secure, but of course it is only as secure as your application makes it. The session variables / parameters are stored at the server level, with the user given a pseudorandom string (“session ID”) to identify themselves with. The weakness is if that string is intercepted by an attacker, […]


Admin Users

Simple Admin User Session Approach

The log in / log out page

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin Log In</title>
<?php
if ( !isset($_SESSION)) session_start();
//LOG IN URL:
// www.my_domain.com/admin_login.php?adminid=somerandomgibberish
//LOG OUT URL:
// www.my_domain.com/admin_login.php?adminid=0
if ( isset($_GET['adminid']) && ($_GET['adminid'] == "somerandomgibberish") )
{
[…]
