PHP
alex-vod, 2015-05-09 17:58:26

What should be the correct authorization?

Will it be considered an error if I authorize a user by his id? For example, there is a form with fields for login and password; I compare them with those in the database and, if they match, I write to the session $_SESSION['auth'] = '1';
And then I check like this:

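    // Runs after session_start(); isset() avoids a notice when the key is missing
    if (isset($_SESSION['auth']) && $_SESSION['auth'] == '1') {
        echo 'Вход';   // "Login"
    } else {
        echo 'Выход';  // "Logout"
    }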

Is this correct from a security point of view? How to do it differently?


1 answer(s)
IceJOKER, 2015-05-09
@alex-vod

The main thing is not to store it in cookies; otherwise you can manually write auth=1 there and voilà.
For example, you can save the id and hash = password + salt, and then check; there are different options.
Sessions are stored on your side, so they are more or less secure.
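
The server-side session check discussed in this thread, as an added example that is not part of the question or the answer: the password is checked against a salted hash, the session id is regenerated on login, and only the user id is kept in the session. The $users array, the login(), currentUserId() and logout() helpers and the sample credentials are constructed for illustration and stand in for a real database lookup.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for a users table (assumption).
// Only the password_hash() output is stored, never the plain password.
$users = [
    'alice' => ['id' => 42, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)],
];

function login(array $users, string $login, string $password): bool
{
    $user = $users[$login] ?? null;
    // password_verify() reads the salt and algorithm from the stored hash.
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    // Issue a new session id at login so an id known before login is useless.
    session_regenerate_id(true);
    // The browser only holds the session id; this value stays on the server.
    $_SESSION['user_id'] = $user['id'];
    return true;
}

function currentUserId(): ?int
{
    return isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
}

function logout(): void
{
    $_SESSION = [];
    session_destroy();
}

// Must run before any output is sent.
session_start([
    'cookie_httponly' => true,  // session cookie not readable from JavaScript
    'cookie_samesite' => 'Lax',
    'use_strict_mode' => true,  // reject session ids the server did not issue
]);

$rejected = login($users, 'alice', 'wrong');          // wrong password
$accepted = login($users, 'alice', 'correct horse');  // correct password
$userId   = currentUserId();
logout();

var_dump($rejected, $accepted, $userId);
```

On a site served over HTTPS, also set 'cookie_secure' => true in the session_start() options.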
