When a user logs in to a website, I save user_id to SESSION to check later if the user is logged in or not.
if(!empty($_SESSION['user_id'])){ ....
Is this enough for security?
This will depend entirely on how this variable goes to the session and how well you manage the session.
, - , - , . ? , ?
- , , $_SESSION ['user_id'], . , VALUE , $_SESSION ['user_id'], , .
, , , - / ( , ?). , .
, - .
.
isset():
function loggedIn() {
    if (isset($_SESSION['user_id']) && is_numeric($_SESSION['user_id']))
        return true;
    return false;
}
, 0, empty() true!
- , cookie , .
, , "", , IP- , , . , , , - .
...
- $_SESSION ['user_id'] = $_GET ['user_id'], : .
, , , - ..
if (!isset($_SESSION['user_id'])) {
, $user_id == 0 then isempty() , , , .
unset($_session_variable_name);
, , .. .
, , , IP- USER_AGENT, .