Preserving State and Providing Security in PHP

You may wish to secure your Web application by requiring visitors to identify themselves with a login and password. Requiring this page after page, though, would be very annoying. You may even want to track users through the site without actually identifying them. The process should be invisible and should not intrude on the experience.

One solution is to generate a random session identifier. This identifier must not be easy to guess and must be unique to each user. The session could be stored in a database or a file and passed in every link or form. The site simply checks that the session is valid each time a page is requested. If the session is invalid, you may display an error message, send the user back to the login page, or just generate a new session identifier, depending on context.

In a site that requires users to log in, the session identifier will be associated with a user identifier, which would be the key to a table of user information. You may also keep track of the last time the session requested a page and have all those with no activity in a given period, perhaps 15 minutes, expire. This protects users who walk away from their computers without explicitly logging out.

You may also choose to associate arbitrary variables with each session. This is relatively easy to implement with a relational database. Create a table where each row is uniquely identified by session identifier and variable name. Creating a variable is as easy as inserting a row into the table. You can fetch each variable with each request, or fetch them only as needed. Another approach would be serializing an array of values and storing it in a single table column.
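The scheme described above (random identifier, server-side validity check, 15-minute idle expiry, per-session variables keyed by session identifier and name), as an added example that is not code from the original page. It assumes PHP 7.1+ with the pdo_sqlite extension; the table and function names are hypothetical.

```php
<?php
declare(strict_types=1);
const IDLE_LIMIT = 15 * 60; // idle seconds before a session expires (the 15 minutes above)
function open_store(): PDO {               // assumption: in-memory SQLite stands in for the site database
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE session (id TEXT PRIMARY KEY, user_id INTEGER, last_seen INTEGER NOT NULL)');
    $db->exec('CREATE TABLE session_var (session_id TEXT, name TEXT, value TEXT, PRIMARY KEY (session_id, name))');
    return $db;
}

function start_session(PDO $db, ?int $userId, int $now): string {
    $id = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG: hard to guess, unique per user
    $db->prepare('INSERT INTO session (id, user_id, last_seen) VALUES (?, ?, ?)')->execute([$id, $userId, $now]);
    return $id;
}

// Returns the session row, or null when the id is unknown or has been idle too long.
function check_session(PDO $db, string $id, int $now): ?array {
    $q = $db->prepare('SELECT id, user_id, last_seen FROM session WHERE id = ?');
    $q->execute([$id]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) return null;
    if ($now - (int)$row['last_seen'] > IDLE_LIMIT) {   // expired: drop the session and its variables
        $db->prepare('DELETE FROM session_var WHERE session_id = ?')->execute([$id]);
        $db->prepare('DELETE FROM session WHERE id = ?')->execute([$id]);
        return null;
    }
    $db->prepare('UPDATE session SET last_seen = ? WHERE id = ?')->execute([$now, $id]);
    return $row;
}

function set_var(PDO $db, string $id, string $name, string $value): void {
    $db->prepare('REPLACE INTO session_var (session_id, name, value) VALUES (?, ?, ?)')->execute([$id, $name, $value]);
}

function get_var(PDO $db, string $id, string $name): ?string {
    $q = $db->prepare('SELECT value FROM session_var WHERE session_id = ? AND name = ?');
    $q->execute([$id, $name]);
    $v = $q->fetchColumn();
    return $v === false ? null : (string)$v;
}

// Constructed walk-through with fixed timestamps instead of time().
$db = open_store(); $t0 = 1700000000;
$sid = start_session($db, 42, $t0);
set_var($db, $sid, 'cart', '3 items');
var_dump(check_session($db, $sid, $t0 + 600) !== null, get_var($db, $sid, 'cart'));
var_dump(check_session($db, $sid, $t0 + 1501), check_session($db, 'not-a-session', $t0));
```

The second request arrives 901 seconds after the first, so the session is deleted and treated the same as an identifier that never existed.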

PHP's session-handling functions provide a system that handles the chores of moving data between variables and permanent storage. Although the default handler stores variables on the local file system, it is possible to write your own handler that stores them in a database.
