php - How to safely manage connected user -


i think figure dout how this:

when user connect, after checking if has username/password, session key (a random long string) created , put inside db. same session_key put inside session.

if user out of app without login off, when comes back, if session_key match 1 in db, user o.k , connect user have session_key. if not, session closed, user rerouted login. if there's no problem, new session_key created (to replace old one).

i think o.k., except 2 things:

-how can make session_key disappear db after time? guess should execute code on server, how can execute code on server if nobody using app moment?

-if it's session_key, alright use cookie insted?

-is o.k. check if there's session_key in db correspond session_key in session, or should use else sure? generate random long string , crypt same way password, think secured enough , wouldn't session_key identical.

-insteed of using username data db, o.k. use session_key (getstuffbysessionkey())?

what if user access cookie , change username?

there's no need store username in cookie. cookie should only have session key info. you'll username via db query when user attempts login. if user changes session key value in cookie, no longer match active session in database, , have log in. it's same clearing cookie.

in addition username , session_key, put user privileges in cookie. need know if user admin, creator or visitor.

these should stored in database well, not in cookie.

is there other way check if user didn't try change while still on app?

nope, should checking valid, active session on every request user. if there's no session cookie, or if cookie doesn't match valid session, redirect them login page.

as others have pointed out, you'd wise use php's built-in sessions this.


Comments

Post a Comment

Popular posts from this blog

authentication - Mongodb revoke acccess to connect test database -

i have ec2 instance mongodb 3.2.0 installed. have user admin access. can connect user , perform operation remotely. 1 can connect database test remote if knows ip mongo 11.11.11.11. although not able make operations, want restrict access user credentials can connect server. first need create users , grant roles users, example: use admin db.createuser( { user: "myuseradmin", pwd: "abc123", roles: [ { role: "useradminanydatabase", db: "admin" } ] } ) then need start server --auth parameter mongod --auth more information here
Read more

r - Update two sets of radiobuttons reactively - shiny -

i have read ( how make choices in radiobuttons reactive in shiny? ) shows me how update radiobutton s in reactive way. however, when try , update 2 sets of buttons same data, 1 set renders. example: server: # create example data wafer <- rep(c(1:3), each=3) length <- c(1,1,2,1,1,1,3,5,1) width <- c(3,1,6,1,1,1,1,1,6) dd <- data.frame(wafer, length, width) shinyserver(function(input, output, session){ # create reactive dataframe store data values <- reactivevalues() values$df <- data.frame() # lengths , widths of wafer user input <- eventreactive(input$do, { subset(dd, wafer %in% input$wafer, select = length:width) }) # update reactive data frame lengths , widths have been selected user input observe({ if(!is.null(a())) { values$df <- rbind(isolate(values$df), a()) } }) output$wl <- renderdatatable({ a() }) # update radio buttons unique length , widths stored in values$df # ever "observe" put first in co...
Read more

ios - Realm over CoreData should I use NSFetchedResultController or a Dictionary? -

i'm working on app using core data , nsfetchedresultcontroller many reasons switch use realm. saw there "realm version" of nsfetchedresultcontroller on github wouldn't compatible current code using core data. the view controller displaying list of people same school, address book. list sublist of people studied in same city. so thinking make 1 unique request database retrieve list of people , filter locally list within 1 dictionary per school [string: anyobject] string section name within tableview , anyobject array of people. first solution, make nsfetchedresultcontroller each school predicate filtering location. delete actions etc.. handled delegates -> not compatible realm create dictionaries , update them each actions... -> works realm it's annoying code. any better solution? edit: i need clarify request: i'd write class inherit uitableviewcontroller. this class has list of people sorted in alphabetical order the tableview has ...
Read more