I'm having a small bit of doubts here as to how sessions should be handled.
Right now, I have a MySQL database where the "users" table has a field for session_id. If NULL, the user is not logged in? If the value is the same as the value of the PHPSESSID cookie, then the user is logged in.
I don't know why, but I somehow feel this isn't good enough a way to make sure which user I'm dealing with. Is there something I'm missing, or do my fears hold no ground?
There's nothing essentially wrong with what you describe as far as I can see.
Of course, your login and logout mechanisms need to reliably add and remove the user ID when logging in or out (insert a user name only when passwords match, etc.). Also, expired sessions need to be removed reliably. If that is given, this should be fine.
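The login, check, logout and expiry steps the answer lists, written out as a small PDO-backed class. This is an added example, not code from the question or the answer. The only column the question names is `users.session_id`; the `password_hash` and `session_expires` columns, the 30-minute lifetime and the SQLite in-memory database with a constructed user row are assumptions made so the script runs offline (the `pdo_sqlite` extension is assumed to be present; swap the DSN for a MySQL one in real use).

```php
<?php
// Added example: the "session_id column on the users table" pattern from the
// thread, with the three properties the answer asks for: bind the session to a
// user only after the password verifies, clear it on logout, and stop
// honouring it once it has expired. Column names other than users.session_id
// are assumptions.

final class SessionAuth
{
    private const SESSION_LIFETIME = 1800; // assumed lifetime in seconds

    public function __construct(private PDO $db) {}

    // Login: write the session id to the row only when the password verifies.
    public function login(string $username, string $password): bool
    {
        $stmt = $this->db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
        $stmt->execute([$username]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false || !password_verify($password, $row['password_hash'])) {
            return false;
        }
        // Issue a fresh id at the privilege change so an id the browser held
        // before login never becomes an authenticated one (session fixation).
        session_regenerate_id(true);
        $stmt = $this->db->prepare(
            'UPDATE users SET session_id = ?, session_expires = ? WHERE id = ?'
        );
        $stmt->execute([session_id(), time() + self::SESSION_LIFETIME, $row['id']]);
        return true;
    }

    // Check: the cookie's id must match the stored one AND still be unexpired.
    public function currentUser(): ?array
    {
        $stmt = $this->db->prepare(
            'SELECT id, username FROM users WHERE session_id = ? AND session_expires > ?'
        );
        $stmt->execute([session_id(), time()]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    }

    // Logout: remove the server-side binding first, then drop the PHP session.
    public function logout(): void
    {
        $stmt = $this->db->prepare(
            'UPDATE users SET session_id = NULL, session_expires = NULL WHERE session_id = ?'
        );
        $stmt->execute([session_id()]);
        $_SESSION = [];
        session_destroy();
    }

    // Expiry sweep (run from cron): clears stale ids so they stop matching even
    // on a code path that forgets the per-request expiry check above.
    public function purgeExpired(): int
    {
        $stmt = $this->db->prepare(
            'UPDATE users SET session_id = NULL, session_expires = NULL '
            . 'WHERE session_expires IS NOT NULL AND session_expires <= ?'
        );
        $stmt->execute([time()]);
        return $stmt->rowCount();
    }
}

// Constructed demo data: one user in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, '
    . 'password_hash TEXT, session_id TEXT NULL, session_expires INTEGER NULL)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse battery staple', PASSWORD_DEFAULT)]);

session_start();
$auth = new SessionAuth($db);
echo 'wrong password accepted: ', var_export($auth->login('alice', 'wrong password'), true), PHP_EOL;
echo 'right password accepted: ', var_export($auth->login('alice', 'correct horse battery staple'), true), PHP_EOL;
echo 'user after login: ', var_export($auth->currentUser(), true), PHP_EOL;
$auth->logout();
echo 'user after logout: ', var_export($auth->currentUser(), true), PHP_EOL;
```

Two caveats follow from the schema in the question rather than from this code: a single `session_id` column means a user can hold only one valid session at a time (logging in from a second browser silently logs out the first), and because the column is the sole proof of identity it must only ever be written by the login path shown here, never by anything that accepts a session id from the client.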