Learn computer science

Full Version: _SESSION for PHP
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Sooo...
The way that the session works is that if someone comes onto my page from most other ASW websites, the session from their page gets transferred over to my page. The problem with this is that since the sessions never stop, the user is logged into my website without ever even making an account. Would the correct way of fixing this by checking if that username exists in my database, and then if it doesn't I destroy the session? What if it just happens that the person is using a username that exists, but isn't that person?
Instead of using the same session name as everyone else ($_SESSION['logged_in'] = true), use something more unique such as ($_SESSION['thisUserIsLoggedIn'] = true).
(02-16-2021, 08:36 AM)SwissGuy Wrote: [ -> ]Instead of using the same session name as everyone else ($_SESSION['logged_in'] = true), use something more unique such as ($_SESSION['thisUserIsLoggedIn'] = true).

This is a great answer. Managing sessions should also be written to a database, but that is just a bit over our introduction to programming class.