Is it safe to use sessions for user validation?
#1

(This post was last modified: 06-16-2017, 03:31 PM by ronaldv.)

I have a website with user registration & login. On login, after username and password are validated, I create a session like this:

PHP Code:
$this->session->set_userdata('user_id', $user->id);

and then in Controllers and Models I use this data to validate or identify users:

PHP Code:
$user_id = $this->session->userdata('user_id');

if ($user_id == '') {
    // user has not logged in and shouldn't have access to user-area pages.
    // ...
}

$query = "SELECT * FROM users WHERE user_id='" . $user_id . "' ...";

Is this method safe or good practice? Is it possible for malicious users to manipulate the session data?
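The check and lookup from the post above, with the session value validated as an integer and bound as a query parameter instead of concatenated into the SQL string (an added example, not part of the original post). It assumes `user_id` is a positive integer key; the `username` column, the helper names and the in-memory SQLite data are constructed for illustration, and plain PDO stands in for the framework's database layer.

```php
<?php
// Added example, not the poster's code. Assumes user_id is a positive integer key.

/** Return the logged-in user's id as an int, or null if the session holds no valid id. */
function current_user_id(array $session): ?int
{
    $raw = $session['user_id'] ?? null;
    // Only canonical positive integers pass; '', null, '0', arrays and
    // strings carrying SQL fragments are all rejected here.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Load the user row with a bound parameter instead of string concatenation. */
function load_user(PDO $db, int $user_id): ?array
{
    // 'username' is a hypothetical column; the post does not show the schema.
    $stmt = $db->prepare('SELECT user_id, username FROM users WHERE user_id = ?');
    $stmt->execute([$user_id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");

// Constructed session contents: a valid login, an empty value, no value,
// a string that is not an integer, and an id with no matching row.
$samples = [['user_id' => '2'], ['user_id' => ''], [], ['user_id' => "2' OR '1'='1"], ['user_id' => 99]];

foreach ($samples as $session) {
    $id   = current_user_id($session);
    $user = $id === null ? null : load_user($db, $id);
    if ($user === null) {
        // In the application this branch would redirect to the login page.
        echo 'denied: ', json_encode($session), "\n";
    } else {
        echo "user_id {$user['user_id']} = {$user['username']}\n";
    }
}
```

The last sample shows why the row lookup is part of the access check: a session can still hold an id whose account no longer exists.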


Messages In This Thread
Is it safe to use sessions for user validation? - by ronaldv - 06-16-2017, 03:19 PM


