|
PHP - Session Data Help
Ok guys and girls,
What I am tryting to do is when a user logs into my site and starts a session I would like to display some information about that user. The information displayed needs to be dynamic as this site will only have a few users buy I dont users viewing other users information. So far I have this code to process the login and start the session: <?php include("php/dbconnect.php"); //connects to the database when connected //get the username and password from the login form on the index page $username=$_POST['username']; $password=$_POST['password']; //stop an MySQL Injection by removing slashes and real_escape $myusername = stripslashes($username); $mypassword = stripslashes($password); $myusername = mysql_real_escape_string($username); $mypassword = mysql_real_escape_string($password); //Select users from the database that match the password and username $sql="SELECT * FROM users WHERE username='$username' and password='$password'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" or such file session_register("username"); session_register("password"); session_start(); //echo section test //echo "details ok"; header("Location: http://webdev/schools/hhs/psy_bookings/memberspage.php"); } else { echo "Wrong Username or Password"; } mysql_free_result($result); ?> And when they successfuly login into the members page to keep the session active I have the following code: <?php //////////////////////check the the user has logged in and allowed to view the pages/////////////////////// session_start(); //check to make sure the session variable is registered if(session_is_registered('username')){ //the session variable is registered, the user is allowed to see anything that follows echo 'Welcome, you are still logged in.';//test echo } else{ //the session variable isn't registered, send them back to the login page header( "Location: http://webdev/schools/hhs/psy_bookings/" ); } ////////////////////////////////////end of session data code/////////////////////////////////////////////// ?> What I would like is to be able to display the users name on the page and maybe call their email from the db. Thanks in advance as always Similar Tutorialsmerry christmas everybody
i have shopping basket, i put many items in it per session.
i want get the heighst shipping1 value from session but i dont know how.
i tryed last 3 day without success.
now i get the following value for shipping1
2
3.90
5
6.90
but i see only 6.90 as it is the heighst shipping1 in basket.
thank you very much for your help
here is my code
foreach ($_SESSION["products"] as $cart_itm)
{
$inventor = $cart_itm["code"];
$shippall = $cart_itm["shipping1"];
$query1 = "SELECT MAX(shipping1) FROM $table1 WHERE inventar='$inventor'";
$result1 = $link1->query($query1) or die ("Database Error!");
$row = mysqli_fetch_row($result1);
echo $shippall."<br>";
}
Hi, I have stored user data in the database, but I think I need to somehow grab the "id" of the username, and use that in a SESSION when they log in, so that I can pull up the user information in the database for that particular user when they log in. and do that for everyone when they log in. My idea is user logs in Something like "grab the user "id" linked to this user, and add that value to "$currentUser", then somehow when it is time to show their user profile page, I do something like "display all field data where username=$currentUser. I don't know I am confused, any help plus code would be great if anyone can help, or just the pseudocode would be good. I hope I explained it right. thanks. I run MAMP and would like to know where I can find and view the data stored in my Sessions? Any ideas? Thanks, Debbie Trying to create a simple login page (and my code is embarassingly disgraceful at this point). In simple terms, I have start_session on three pages. The first page asks for name, the second for password, the third welcomes user. The second page contains $name=$POST['name']; $_SESSION['name']= $name; When I access the page 2, the name is echoed with a greeting and request for password. But after a password submission (whether correct or incorrect) the $name disappears. I am at a loss for why it is not being refreshed or maintained in the session. Any ideas for me? warning: I'm a self taught advanced newbie. I'm working on a multipage PHP app that has need to pass values between pages, usually very small text strings or small integers. I've designed it primarily using _SESSION variables to pass these bits of data. Some of them are written to SQL, but most of them are temporary in nature. Is using _SESSION variables in this capacity considered reasonable? Is there something else or a different way to go about this? (Page A writes a value into $_SESSION['myvalue'], and then page B grabs that data and does something with it.) Alright, So i want to pass a session from www.mysite.com to mobile.mysite.com And i'm doing so by calling this on the top of every page on each site: <?php session_set_cookie_params(360000, "/",".mysite.com"); session_start(); print_r($_SESSION); ?> yet, the session data that is set on one subdomain is NOT printed on the other subdomain. I've even tried destroying the sessions several times to start over. But it won't work. What could be up? Thanks Hey all, I am having a situation where I have a singleton class with a static array in it. I insert an element into that array, and then I redirect the user to another page. At that page, I then retrieve that array (it's stored in the session vars), but the array is then empty when I retrieve it. I can't figure out why. Here are some pertinent code snippets. First, the class with the static array: class Logger { private static $instance = NULL; private static $messages = array(); //Private constructor to prevent this class from being instantiated multiple times private function __construct() { } //The clone function is private to prevent cloning of this class private function __clone() { } //Returns the singleton instance of this class public static function GetInstance() { if (!self::$instance) { self::$instance = new Logger; } return self::$instance; } public static function GetMessageCount() { return count(self::$messages); } public static function LogMessage($new_message) { self::$messages[] = $new_message; } public static function GetMessages() { return self::$messages; } public static function ClearMessages() { self::$messages = array(); } } Here is the code where I insert something into the aformentioned array (the process is that a user tries to log in, but the login fails, and so we insert a message into the array saying that the login credentials failed). //Retrieve the message logging instance from the session data to be able to pass messages to the user. $message_log = $_SESSION['user_messages']; $user = $_SESSION['user_account']; //Create a new instance of the database management class and //try to connect to the database $dbm = new DBM(); if ( !$dbm->isConnected() ) { $message_log::LogMessage("We are sorry, but we are unable to access the database at this time. Please try again later."); } else { //Retrieve the user login information $useremail_dirty = $_POST['useremail']; $password_dirty = $_POST['userpassword']; //Check to see if the email we were given exists in the database, and if the password matches $doesPasswordMatch = $dbm->doesPasswordMatch ( $useremail_dirty, $password_dirty ); if ( $doesPasswordMatch ) { //Correct login information was received. Login the user and redirect appropriately. $user->Login(); header ( "Location: ".BASE_URL."/userpage.php" ); exit; } else { //If an incorrect email or password was given, report that information to the user. $message_log::LogMessage("Incorrect login information."); } } //The user has failed to login. Redirect to the appropriate page. header ( "Location: ".BASE_URL."/loginfailed.php" ); And finally, given an unsuccessful login attempt, this is where I pick back up the array of messages to display the messages to the user: $message_log = $_SESSION['user_messages']; $all_messages = $message_log::GetMessages(); print $message_log::GetMessageCount()."<br>"; print count($all_messages)."<br>"; foreach ($all_messages as $message_string) { $prepared_string = prepare_text_for_html_output($message_string); echo $prepared_string."<br>"; } $message_log::ClearMessages(); Unfortunately, the "all_messages" variable has nothing in it...it's like the messages that I logged in the previous PHP script never even existed. I am calling session_start, so don't worry about that (even though it's not seen in these code snippets). What could be going wrong? Hello I have included a simple login system into my website. When a user logs in, a session is started and he stays connected throughout the whole website until logging out again. The user logs in via his e-mailaddress and a password, which are stored in a mysql database. Now I want to add a page on which a user that is logged in, can see and edit his own information (password, cellphone number, e-mail, etc.). Or easier: instead of showing "Welcome!" showing "Welcome, John!". I thought about storing the e-mailaddress into the session, and then trying to access it to select the correct record (to edit afterwards). But so far, I haven't booked any success. I have to say that this is the first time I'm working with sessions as well, so this is very new to me. Thank you in advance for any help! I want to use session to do a query and will I be able to do this? I have a session that was gathered from login and now i was to use this session to do a query If Yes, How? Here is my code... Code: [Select] <?php mysql_connect("localhost", "user", "pass")or die("cannot connect"); mysql_select_db("database")or die("cannot select DB"); $myemail = mysql_real_escape_string($_POST['myemail']); $mypassword = mysql_real_escape_string($_POST['mypassword']); $mypassword = md5($mypassword); $myemail = stripslashes($myemail); $mypassword = stripslashes($mypassword); $sql="SELECT * FROM users WHERE email='$myemail' and password='$mypassword'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if($count==1){ session_start(); $_SESSION["myemail"]= "$myemail"; header("location:home.php"); } else { header("location:fail.php"); } ?> What can I do to this code so that it will also store first name from the database inside a session? Hello, I've been hacking at this for about 5 hours, and have been unable to get my session data to pass through to the 3rd page. Here is my code. As you can see I've been trying all types of variation of retrieval. On page 2 I can pull the data from page 1 fine with REQUEST or the longer version.. But for some reason page 3 will not display the first_name and last_name... I'm desperate at this point. I have not been able to find a working answer. I'm running php 5 w/ trans... OFF (default) in .ini. Page 1 Code: [Select] <?php session_start(); ?> <?php $PHPSESSID = session_id(); echo "<strong>Session ID:</strong> $PHPSESSID"; "<br /><br />"; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>0</title> </head> <body> <form method="post" action="multi_page_post_2.php"> <label>First Name</label> <input name="first_name" value="" width="50" type="text" /> <br /><br /> <label>Last Name</label> <input name="last_name" value="" width="50" type="text" /> <br /><br /> <input type="submit" name="submit" value="Enter your Data - Continue to Step 2 >>" /> </form> </body> </html> Page 2 Code: [Select] <?php session_start(); ?> <?php $PHPSESSID = session_id(); echo "<strong>Session ID:</strong> $PHPSESSID"; $first_name = $_REQUEST['first_name']; echo $first_name; ?> <?php echo "<br /><br />"; print_r($_SESSION); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Step 2</title> </head> <body> <h2>Step 2 - Is this data correct?</h2> <hr /> <strong>First Name:</strong> <?php echo $_SESSION['first_name'] = $_POST['first_name']; ?> <br /><br /> <strong>Last Name:</strong> <?php echo $_SESSION['last_name'] = $_POST['last_name']; ?> <br /><br /> <form method="post" action="multi_page_post_3.php"> <label>Sons First Name: </label> <input name="sons_first_name" value="" width="50" type="text" /> <br /><br /> <input type="submit" name="submit" value="YES! Continue to Step 3 >>" /> <input type="hidden" name="PHPSESSID" value="<?php echo $PHPSESSID ?>" /> <input type="button" value="No! Back to Previous Page" onClick="javascript: history.go(-1)"> </form> <br /><br /> <a href="" onclick="<?php session_destroy(); ?>">Session D E S T R O Y !</a> </body> </html> Page 3 Code: [Select] <?php session_start(); ?> <?php $PHPSESSID = session_id(); echo "<strong>Session ID:</strong> $PHPSESSID"; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Step 3</title> </head> <body> <h2>Step 3 - Is this data correct?</h2> <hr /> <strong>First Name:</strong> <?php echo $_SESSION['first_name'] = $_REQUEST['first_name']; ?> <br /><br /> <strong>Last Name:</strong> <?php echo $_SESSION['last_name']; ?> <br /><br /> <strong>Sons First Name:</strong> <?php echo $_REQUEST['sons_first_name']; ?> <br /><br /> <form method="post" action="multi_page_post_4.php"> <input type="hidden" name="PHPSESSID" value="<?php echo $PHPSESSID ?>" /> </form> <br /><br /> <a href="" onclick="<?php session_destroy(); ?>">Session D E S T R O Y !</a> </body> </html> Hi guys,
I am having a problem transferring data between pages, using PHP sessions. I have a HTML SELECT drop-down to let user set the number of posts per page to display. <form method="POST" style="margin:auto;position:relative;width:35%;padding:17px;top:47px;">
<span>select posts-per-page:</span>
<select name="ppp">
<option selected disabled>--select ppp--</option>
<option value=10>10</option>
<option value=15>15</option>
<option value=20>20</option>
<option value=50>50</option>
<option value=100>100</option>
</select>
<input type="submit" name="submit" value="OK"/>
</form>
I want to transfer the value selected by user to a session so that I can load the value in other pages. The value of posts per page is carried by variable $ppp; so, file1 contains the code $_SESSION['ppp'] = $ppp; That seems to work great; the system updates correctly the session's value as user submits different numbers of posts-per-page.
The problem is in page2.php: it doesn't update to the new user's selection; I already have a session active in that page so I don't need session_start(). To call the session, I use the line $ppp=$_SESSION['ppp']; When user changes the selection from 50 to 100 posts per age, for example, the value of page1.php changes as expected, but the value transferred to page2.php doesn't change, appears to remain with the default value the page loads with. I don't know if the problem is that I already have a session going. Can you have more than one session running simultaneously in a page? Can anybody help? Thanks in advance!
Sept Hello, I am puzzled as to how to get this code actually working, I am using some example code, I want the code to remove the data of the logged in users, at the moment it will remove all users registered in the mysql db.
<?php
# Access session.
session_start() ;
if ( !isset( $_SESSION[ 'user_id' ] ) ) { require ( 'login_tools.php' ) ; load() ; }
# Connect to the database.
require ('connect_db.php');
// Attempt delete query execution
$sql = "DELETE FROM users WHERE user_id=user_id";
if(mysqli_query($dbc, $sql, $q)){
echo "Records were deleted successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($dbc);
}
# Close database connection.
mysqli_close( $dbc ) ;
?>
$_session id knows that the user is logged into the control page, but for the code to remove the particular user logged in from the db, what exactly does this need? Thank you. Here's the site: http://www.secretauctions.com/thank_atv_cb754.php# (If anyone wants to see how the problem is occurring. The Username and Password shown on the page are functional.) Here's the problem: Whenever anyone tries to click to the second page of results, the Session fails. Here's a short version of the code: Code: [Select] <?php $username = "user493d"; $password = "w7atv"; session_start(); $my_array=array($username, $password); $_SESSION['login']=$my_array; if ($_SESSION['login'][0]=="user493d" && $_SESSION['login'][1]=="w7atv") include("atv_list.php"); else include("sorry1.php"); ?> This works GREAT on the initial log-in. But the moment anyone tries to go to the second page of results, the Error state trips, and they get the "sorry" page. This isn't supposed to happen. This is my first foray into Sessions, so I'm certain there's something I'm not understanding, but shouldn't the above code store the username/password, then use it to verify page reloads? Can anyone tell me why it's allowing the Fail state to trip, when the initial test succeeds? Or am I doing the whole thing wrong? I am having some problems with part of the code. What is going on is a user registers info with a form and is sent an email with a confirmation link. The info that was in a temp DB table is moved to a member table. All of this works fine, but I am trying to be able to store an ID and username associated with their passkey info and echo that variable out. This part I am having trouble with. Code is here. <? session_start(); include('config.php'); // Passkey t from link $passkey=$_GET['passkey']; $tbl_name1="Profile_temp"; // Retrieve data from table where row matches passkey $sql1="SELECT * FROM $tbl_name1 WHERE confirm_code ='$passkey'"; $result1=mysql_query($sql1); // If successfully queried if($result1){ // Count how many row has this passkey $count=mysql_num_rows($result1); // if passkey is found retrieve info from temporary DB if($count==1){ $rows=mysql_fetch_array($result1); $FirstName=$rows['FirstName']; $LastName=$rows['LastName']; $UserName=$rows['UserName']; $Password= md5($rows['Password']); $Password2=md5($rows['Password2']); $email=$rows['email']; $Zip=$rows['Zip']; $Birthday=$rows['Birthday']; $Security=$rows['Security']; $Security2=$rows['Security2']; $tbl_name2="Profile"; // Insert data that retrieves from "temp_members_db" into table "registered_members" $sql2="INSERT INTO $tbl_name2(`FirstName`,`LastName`,`Username`,`Password`,`Password2`,`email`,`Zip`,`Birthday`,`Security`,`Security2`) VALUES ('$FirstName','$LastName','$UserName','$Password','$Password2','$email','$Zip','$Birthday','$Security','$Security2')"; //echo $sql2; $result2=mysql_query($sql2); } // if passkey is not found, display message "Wrong Confirmation code" else { echo "<h2>Sorry, Your passkey was not found.</h2>"; } while ($row = mysql_fetch_assoc($result2)) { $_SESSION['id'] = $row['id']; $_SESSION['UserName']=$user_name; } // if successfully moved data from table"temp_members_db" to table "registered_members" displays message "Your account has been activated" and don't forget to delete confirmation code from table "temp_members_db" if($result2){ echo "<h2>Your account has been activated, </h2>"; echo "$user_name"; echo"<p>You may now upload a profile picture</p>"; // Delete information of this user from table "temp_members_db" that has this passkey $sql3="DELETE FROM $tbl_name1 WHERE confirm_code = '$passkey'"; $result3=mysql_query($sql3); } } ?> getting an error for this part while ($row = mysql_fetch_assoc($result2)) { $_SESSION['id'] = $row['id']; $_SESSION['UserName']=$user_name; } the error is "Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in confirmation.php on line 62" SET UP: Windows vista # XAMPP 1.7.3, # Apache 2.2.14 (IPv6 enabled) + OpenSSL 0.9.8l # MySQL 5.1.41 + PBXT engine # PHP 5.3.1 # phpMyAdmin Error message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') VALUES ('qwerty','uiop','asd')' at line 2 I'm trying to get this multi page order form to insert information into two tables via a session. But it comes up with the above error message. This script worked perfectly with one table but as soon as I coded he information to go into two tables it screwed up. Is it the sprint <?php //let's start our session, so we have access to stored data session_start(); session_register('membership_type'); session_register('terms_and_conditions'); include 'db.inc.php'; $db = mysql_connect('localhost', 'root', '') or die ('Unable to connect. Check your connection parameters.'); mysql_select_db('ourgallery', $db) or die(mysql_error($db)); //let's create the query $query = sprintf("INSERT INTO subscriptions ( name, email_address, membership_type,) VALUES ('%s','%s','%s')", mysql_real_escape_string($_SESSION['name']), mysql_real_escape_string($_SESSION['email_address']), mysql_real_escape_string($_SESSION['membership_type'])); //let's run the query $result = mysql_query($query, $db) or die(mysql_error($db)); $query = sprintf("INSERT INTO site_user_info ( terms_and_conditions, name_on_card, credit_card_number, credit_card_expiration_data) VALUES ('%s','%s','%s','%s')", mysql_real_escape_string($_SESSION['terms_and_conditions']), mysql_real_escape_string($_POST['name_on_card']), mysql_real_escape_string($_POST['credit_card_number']), mysql_real_escape_string($_POST['credit_card_expiration_data'])); //let's run the query $result = mysql_query($query, $db) or die(mysql_error($db)); echo '$result'; ?> I'm trying to insert into this database: <?php require 'db.inc.php'; $db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die ('Unable to connect. Check your connection parameters.'); mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db)); $query = 'CREATE TABLE IF NOT EXISTS subscriptions ( name VARCHAR(50) NOT NULL, email_address VARCHAR(50), membership_type VARCHAR(50), PRIMARY KEY (name) ) ENGINE=MyISAM'; mysql_query($query, $db) or die (mysql_error($db)); // create the user information table $query = 'CREATE TABLE IF NOT EXISTS site_user_info ( name VARCHAR(50) NOT NULL, terms_and_conditions VARCHAR(50) NOT NULL, name_on_card VARCHAR(50), credit_card_number VARCHAR(50), credit_card_expiration_data VARCHAR(50), FOREIGN KEY (name) REFERENCES subscriptions(name) ) ENGINE=MyISAM'; mysql_query($query, $db) or die (mysql_error($db)); echo 'Success!'; ?> What am I doing wrong? is there a code spell checker ? Also should I use the mysql_real_escape_string() on the user input as they become sessions variables or is it okay to wait and clean the input as it gets inserted in the table? Thanks for your help. in this page http://maximaart.com/newscp/ i have this problem Code: [Select] Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/maximasy/public_html/newscp/index.php:1) in /home/maximasy/public_html/newscp/index.php on line 2 my source code is <?php session_start(); include_once("config.php"); include_once("functions.php"); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { if ($_POST['txtUserId'] === "$user" && $_POST['txtPassword'] === "$pass") { // the user id and password match, $_SESSION['basic_is_logged_in'] = true; require("main.php"); exit;?> I am trying to create an index page which contains registration and login field the problem that i get is on successful login a warning is displayed session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235 This is the login part of my index.php this tag is inside an html table below the login form I also have a registration form and its php code above the login form Code: [Select] <?php if (isset($_REQUEST['pass'])) { $id=$_POST['id']; $pass=$_POST['pass']; $conn =mysql_connect("localhost","root",""); if (!$conn) { die('Could not connect: ' . mysql_error()); } /* checking connection....success! */ $e=mysql_select_db('test', $conn); if(!$e) { die(''.mysql_error()); } else { echo 'database selected successfully'; } if (isset($_REQUEST['id']) || (isset($_REQUEST['pass']))) { if($_REQUEST['id'] == "" || $_REQUEST['pass']=="") { echo "login fields cannot be empty"; } else { $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'"); $count=mysql_num_rows($sql); if($count==1) /* $count checks if username and password are in same row */ { session_start(); $_SESSION['id']=$id; echo "</br>Login Successful</br>"; } else { echo "</br>invalid</br>"; echo "please try to login again</br>"; } } } } ?> Any help or suggestion would be appreciated I am having trouble resolving an error. Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/s519970/public_html/header.php:27) in /home/s519970/public_html/admin/login.php on line 2 What I can gather is I can't use "header (Location: 'admin.php')" after i've used session_start(). I have tried to replace the header (Location: 'admin.php') with this: echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; I've been trying to read up on solutions but haven't been able to get it sorted. If anyone can offer some advice that would be greatly appreciated as im new to php. Code: [Select] <?php session_start(); if(isset($_SESSION['user'])) echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; ?> <div id="loginform"> <form action="dologin.php" method="post"> <table> <tr> <td><span>Username:</span></td> <td><input type="text" name="username" /></td> </tr> <tr> <td><span>Password:</span></td> <td><input type="password" name="password" /></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="login" value="Login" /></td> </tr> </table> </form> </div> I have tried using require_once('yourpage.php'); before my <head></head> tags in the header document where I've specified the html information but this doesn't seem to work. I've been advised to use ob_start("ob_gzhandler"); but I am not sure how to implement this. Any advice is greatly appreciated! I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content. To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in? My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive. |
|||||||