Hello,
If a user logs in with an email address and I have a session to save its email address so I can pass it along to other pages, how does it work if the user decides to update their email address in their account page? Will the session that was saved before the update, also change too when updated?
Do I have to make the user log back out so when they log back in, their new email is being saved in the session?
Thanks
Jump to PostYou could reassign the session on update to the new email address
Jump to PostOne option to consider is storing a unique UserID in the session as opposed to something that could change. Doing so will allow you to populate any field (including e-mail address) while ensuring that if changes are made you don't have to destroy the session.
You could reassign the session on update to the new email address
One option to consider is storing a unique UserID in the session as opposed to something that could change. Doing so will allow you to populate any field (including e-mail address) while ensuring that if changes are made you don't have to destroy the session.
I have to admit, jr has a nice little solution there. The user id will not change. I try to avoid using email addresses as logins, but I realise that this is an increasingly popular way to access sites.
yeah, jrotunda85 method is better than storing an email address into a session. as long as you have the user id stored in that session, you can always retrieve the user's email address. for security reasons, relying in sessions alone can be risky, session hijacking has been made easy thanks to a firefox plugin that was made. Use a combination of cookies and sessions or add more security to the login page, like session timeouts and stuff OR get a SSL certificate to encrypt your login.
Good point. Firesheep really made me stand up and take note. I've discussed this with colleagues and we now avoid logging into 'open' sites on our school wifi. Darned technology!
Great inputs guys! I will use unique IDs as sessions now! But I would like to use it in combinations with session emails. Maybe I can set it so if these two are equal and in the same row, then user is logged in.
Thank you! I will research in using cookies as well and timeouts. Thank you for the heads up. I will eventually get a SSL certificates!
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.