i have created database for our site. but i wanted to know that how can i secure my website using session.
ranjit_mahadik 0 Newbie Poster
diafol
The two authentications should be distinct.
For login to site, have the login form pass info to a script which then queries the DB (using mysql user with select-only rights) for a match. Once match made, session id is set.
As long as session_start(); is placed at the top of every page, the $_SESSION['id'] variable (or whatever you've called it) will remain valid or set.
Once you've logged in successfully and your session id is stored, you can use that to retrieve the level of rights you have to manipulate the DB (e.g. create/update/delete rights for the mysql user account). In addition, perhaps certain members should be allowed to access certain pages. You can set users' page rights in the DB.
Sorry, jumbling the whole stuff. Any sense?
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.