Secure pages Sessions vs. Cookies & session_destroy() help


Posted on 16th Feb 2014 07:03 pm by admin

Im new here and new to PHP, I hope you can help me with some questions.

Im writing my web app, and i have login screen where user enters his username and passoword, then I check im MySQL database is it ok, and if its ok and user exists, I send him to protected pages, i have 3 protected pages that only registred users can acess.

Did you know?Explore Trending and Topic pages for more stories like this.
Now the problem is I dont know should I use Sessions or Cookies to check if user is loged in? Cookies are cool and simple but I dont know how to encrypt them so anyone can see them. What is the best method to encrypt cookie?

And with Sessions I joust cant destroy session with session_destroy();

Here is the code of secure pages, and logout.php

Secure page (there are 3 of them but they are all the same as this one):
Code: <?php
session_start();

$username = $_SESSION['username'];
$password = $_SESSION['password'];

include 'database_connect.php';

$sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$sql = mysql_query($sql) or die(mysql_error());
$count = mysql_num_rows($sql);

if ($count !== 1) { header("location: login-fail.php"); }

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PHP generated</title>
</head>

<body>

<?php echo $username . " <p>welcome to Content Manager</p>" ?>
<a href="admin-site-manager.php">Site Manager</a>
<a href="admin-account-manager.php">Account Manager</a>
<br/>
<a href="logout.php">Logout</a>

</body>

</html>
And this is logout.php

Code: <?php
session_start();
session_destroy();
header("location: index.php");
?>
So my questions are:

1. Whats wrong with this script, it works great, but logout is not working, when i click logout, it sends me to index.php, but if I enter URL of "secured" page it show me that page and tells me Im loged in :/. So i gues my logout.php is not working. I guess that after 24 minutes it wouldnt show me secure page anymore but i didnt wait that long. In documentation it writes that it takes 24 minutes for session to compleatly destroy, if we dont change php.ini file.

2. To secure pages so only registred users can acess them, like I did now, what is better, Sessions, or Cookies, or is there any way to combain them? Is it ok to use only sessions like I did? Is it secure, and what would could I get if I use cookies too. Can someone explain me when should I use Sessions and when Cookies?

3. About Cookies encryption, what is the best way to encrypt a cookie, so if Im sending $password from one page to another and store that password in a cookie, how to secure it from users to see it? What is the best way to do that?
No comments posted yet

Your Answer:

Login to answer
344 Like 49 Dislike
Previous forums Next forums
Other forums

Pipe email to PHP - get mail adress from MySQL - send?
Hi all,

this is the challenge:

1) Our faculty at the college where I'm employed includ

Transferring session variables into MySQL
I am trying to transfer $_SESSION variables into MySQL. However there is an error in my MySQL statem

Escape Latin Characters
I need to escape latin characters in an xml doc. Example: "é" is escaped to "é". I thoug

why this query can delete duplicates ?
why this query can delete duplicates ? Anybody can give me the detailed explanation ?

Tha

Spaghetti Code
So.

I've pretty much reached the point where I have so many isset s on one page that I can't

While Problem
i am having a problem with a while statement here is the code
Code: [Select]<?php
sess

Can't find the problem (no error message)!
OK, here's the deal. This code is really weirdly formatted (sorry!) and hard to understand, so I'm g

Help with ORDER BY
Hello. I would like to order by ascending States, then Cities, then Gyms in the following code, but

Help please - How to validate from 2 possible answers
Hi

I hope somebody can help me with what will probably be really simple, I'm pulling my hair

Restricted access to sub-folder in iis6 doesn't work?
Basically I'm trying to add restriction to sub-folder (which contains pdf) in web.config for iis6 as

Sign up to write
Sign up now if you have flare of writing..
Login   |   Register
Follow Us
Indyaspeak @ Facebook Indyaspeak @ Twitter Indyaspeak @ Pinterest RSS



Play Free Quiz and Win Cash