How secure is this approach
[eluser]keevitaja[/eluser]
Hi, when username and password match I add logged_in = TRUE to my session data, which is stored in MySQL. When I need to protect some pages I just check if logged_in === TRUE. How secure is my system? All user inputs are escaped! Code: $config['sess_cookie_name'] = 'something_session';
[eluser]Joseph Wensley[/eluser]
I went through this on here once. I was doing the same thing you are but realized that if a user is deleted or something they could still be logged in because their session might still exist. I think the best thing to do is just check the DB on each page load to make sure they are still logged in. My original thread - http://ellislab.com/forums/viewthread/144607/
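Added example, not part of either post and not CodeIgniter's own code: plain PHP comparing the flag-only check from the first post with the per-page-load database check suggested in the reply. The `users` and `sessions` tables, the `active` column, the session id and both function names are assumptions, built on an in-memory SQLite database through PDO.

```php
<?php
// Constructed schema and data for illustration; not the poster's application.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, active INTEGER)');
$db->exec('CREATE TABLE sessions (session_id TEXT PRIMARY KEY, user_id INTEGER, logged_in INTEGER)');
$db->exec("INSERT INTO users VALUES (1, 'alice', 1)");
$db->exec("INSERT INTO sessions VALUES ('constructed-session-id', 1, 1)");

// First post's approach: trust the logged_in flag stored with the session.
function flag_only_check(PDO $db, string $sid): bool
{
    $stmt = $db->prepare('SELECT logged_in FROM sessions WHERE session_id = ?');
    $stmt->execute([$sid]);
    return (int) $stmt->fetchColumn() === 1;
}

// Reply's approach: on every page load, confirm the account behind the
// session still exists and is active; destroy the session if it does not.
function per_request_check(PDO $db, string $sid): bool
{
    $stmt = $db->prepare(
        'SELECT u.id FROM sessions s
           JOIN users u ON u.id = s.user_id
          WHERE s.session_id = ? AND s.logged_in = 1 AND u.active = 1'
    );
    $stmt->execute([$sid]);
    if ($stmt->fetchColumn() !== false) {
        return true;
    }
    // Stale session: delete it so the stored flag cannot be reused.
    $db->prepare('DELETE FROM sessions WHERE session_id = ?')->execute([$sid]);
    return false;
}

$sid = 'constructed-session-id';
echo "before deletion\n";
var_dump(flag_only_check($db, $sid), per_request_check($db, $sid));

// The account is deleted while its session row is still present.
$db->exec('DELETE FROM users WHERE id = 1');
echo "after deletion, flag-only check\n";
var_dump(flag_only_check($db, $sid));
echo "after deletion, per-request check (also removes the stale session)\n";
var_dump(per_request_check($db, $sid));
echo "flag-only check once the stale session is gone\n";
var_dump(flag_only_check($db, $sid));
```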