Answer the question
In order to leave comments, you need to log in
PHP sessions and authorization
Hello, I made authorization in PHP.
The following code is included at the beginning of each file:
session_start();
session_regenerate_id();
Answer the question
In order to leave comments, you need to log in
The session is a hash that is stored in the user's cookies, when the user accesses the script, PHP checks the hash and takes the session data from the file.
In general, the answer is: safe.
But that's why you're doing session_regenerate_id(); not clear, it is not needed.
Yes, it is safe because
But, I advise you to check the user's IP in order to at least protect yourself a little from session spoofing.
And yes, session_regenerate_id();
it's not necessary at all.
session_start();
$ip = $_SESSION['userIP'];
if (!$ip) {
$_SESSION['userIP'] = $_SERVER['REMOTE_ADDR'];
} elseif ($ip != $_SERVER['REMOTE_ADDR']) {
session_destroy();
session_start();
}
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question