Security using session variables

hbk
Member • Jul 18, 2008

Security using session variables

hey guys.

i hav this page (a.php), where i ask te user for his username and password. I match these with static values, and upon succesful matching, i redirect the user to b.php.

my prob-

what if somebody, instead of going thru the normal procedure (from a.php to b.php after verification), directly types in the url for b.php into the address bar???

will that not SHATTER my security??

how can i implement security so that if some1 has not signed in (on a.php) and directly enters the url of b.php, he is

1. sent back to (a.php)
or
2. nothing is displayed on b.php

pls. help

thanks a lot.

Replies

Howdy guest!

Dear guest, you must be logged-in to participate on CrazyEngineers. We would love to have you as a member of our community. Consider creating an account or login.

Replies

Prasad Ajinkya

Member • Jul 20, 2008

Hi hbk,

Obviously, you are on the first step to making a XAMP based web application. Welcome 😀

A quick and dirty method is to have a authentication mechanism in b.php, which will check for the username and password submitted in form of a.php. Once the user is authenticated, then you can set a session variable userid = <user_id>.

Now, every page after the authentication takes place, you need to check one thing, <user_id> is present in session or not. If it is, then the user is authenticated, if it isnt, then the user is not authenticated (redirect to login).

Kapische?

Are you sure? This action cannot be undone.
Cancel
Prasad Ajinkya

Member • Jul 20, 2008

An addendum, you keep this checking in a file called as the header.php file, and include it in all the files instead of copy-pasting the codelet in each file.

Are you sure? This action cannot be undone.
Cancel