Login/Registration System with php and mysql

Question

I would like to make a simple user login/registration system using PHP and mysql. I don\'t need to get any information beyond what is necessary for the user to log in and ou

Answer 1

A few notes on some missing considerations:

PHP sessions typically already use cookies: the session ID is stored as one.

Sessions can be hijacked; you should also take steps to reduce the possibility (start by reading "PHP: Preventing Session Hijacking with token stored as a cookie?" and "What is the best way to prevent session hijacking?").

Related to hijacking is fixing, where an attacker picks the session ID. There are two ways of combatting this: set session.use_only_cookies (the default in PHP >= 5.3) and change the session ID when a user logs in with session_regenerate_id.

Also see the question "PHP Session Security" and article "PHP Security Guide: Sessions".