Setting logged in SESSION data - security?

I'm wondering how secure the below code is:

if ($username == $user->username && $password == $user->password) {  
    $_SESSION['loggedIn'] = true;
    $_SESSION['userId'] = $user->userId;
}

Basically, would there be any way for someone to fake the SESSION variable (besides actually stealing a user's cookie)?

Ian McIntyre Silber asked Jun 14 '26 13:06


1 Answer

Seems fine to me. Just don't store the password or sensitive data in the session in case someone does steal the session id. I believe most of the security risks take place in getting the password to the server securely.

Also, you should store your password hashed at least. Making it (assuming $user->password is hashed using sha1) sha1($password) == $user->password

Kyle answered Jun 16 '26 04:06
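The points raised in the question and the answer (a session flag is only as safe as the session id that carries it, and passwords should be stored hashed and compared correctly) can be put together in one login routine. The following is an added example, not code from the question or the answer; it assumes a user record with the fields `username`, `userId` and `passwordHash` (the hash field name is an assumption; the page only shows `$user->password`). It hardens the original snippet in four ways: the session cookie is marked HttpOnly/Secure/SameSite so it is harder to steal; the session id is regenerated at login so an id an attacker planted before login (session fixation) is never promoted to a logged-in session; the password is checked with `password_verify()` rather than a loose `==` comparison, which in PHP is a type-juggling comparison and is not constant-time; and only the user id, never the password or its hash, is written into `$_SESSION`.

```php
<?php
// Added example, not from the original question or answer.
// Assumed user record shape (not from the page): username, userId, passwordHash,
// where passwordHash is the output of password_hash().

declare(strict_types=1);

// Harden the session cookie before the session starts: HttpOnly keeps it away
// from script, Secure keeps it off plain HTTP, SameSite limits cross-site sending.
// Array form of session_set_cookie_params() requires PHP 7.3+.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

/**
 * Verify credentials and, on success, establish a logged-in session.
 *
 * @param string      $username  value submitted by the client
 * @param string      $password  value submitted by the client (plain text, over TLS)
 * @param object|null $user      record looked up by username, or null if none exists
 */
function loginUser(string $username, string $password, ?object $user): bool
{
    // When the username is unknown, still verify against a throwaway hash so the
    // failure takes about as long as a wrong password for a real account.
    $hash = $user->passwordHash ?? password_hash('unused-dummy-password', PASSWORD_DEFAULT);

    $ok = $user !== null
        && hash_equals($user->username, $username)   // strict, timing-safe string compare
        && password_verify($password, $hash);         // never compare hashes with ==

    if (!$ok) {
        return false;
    }

    // Privilege level is changing: issue a fresh session id and discard the old one,
    // so a session id fixed by an attacker before login is not carried over.
    session_regenerate_id(true);

    // Store only what is needed to identify the user. No password, no hash.
    $_SESSION['loggedIn'] = true;
    $_SESSION['userId']   = $user->userId;

    // If the stored hash uses an older algorithm or cost, this is the moment to
    // rehash (the plaintext is available) and persist the new value.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $user->passwordHash = password_hash($password, PASSWORD_DEFAULT);
        // persist $user->passwordHash to the database here
    }

    return true;
}

// Constructed sample record standing in for a database row.
$sampleUser = (object) [
    'username'     => 'alice',
    'userId'       => 42,
    'passwordHash' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
];

var_dump(loginUser('alice', 'correct horse battery staple', $sampleUser)); // bool(true)
var_dump(loginUser('alice', 'wrong password', $sampleUser));               // bool(false)
var_dump(loginUser('nobody', 'anything', null));                           // bool(false)
```

The answer's `sha1($password) == $user->password` would be replaced by the `password_verify()` call above: `password_hash()` salts each hash and uses a slow algorithm, and `password_verify()` compares in constant time, which a plain `==` on a fast unsalted digest does not give you.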

