发表新帖
发表新帖

Securely creating and destroying login sessions in PHP

后端 未结
关注
5 980
别跟我提以往
别跟我提以往 2020-12-13 00:58

This is my code to control authentication on a website. I\'m not sure if my logic is correct. If the username and password are correct the following happen:
5条回答
  • 鱼传尺愫
    鱼传尺愫 (楼主)
    2020-12-13 01:40

    You can first use session_id() to determine whether the user already got a session, if not, then use session_start().

    example codes from Lithium framewrok:

    /**
 * Starts the session.
 *
 * @return boolean True if session successfully started (or has already been started),
 *         false otherwise.
 */
protected static function _start() {
    if (session_id()) {
        return true;
    }
    ...
    return session_start();
}

    After call _start(), you can safely call session_destroy()

    0 讨论(0)
 看不清?
提交回复
热议问题