PHP how to start a secure session

Currently I am starting a session as follows:

    if ($hasher->CheckPassword($password, $hash)) { // $hash is the hash retrieved from the DB
        $what = 'Authentication succeeded';
        $_SESSION['username'] = $_POST['username'];
        header('Location: securedpage1.php');
        exit(); // stop here; without this the rest of the script still runs after the redirect header
    } else {
        $what = 'Authentication failed';
        echo "Incorrect Password";
        include 'login.php';
        exit();
    }

As you can see, I am wondering if $_SESSION['username'] = $_POST['username']; is the best way to start a session, or if there are better practices.

Thank you for any responses!

Answers


You could roll your own session handler using a database as the storage point rather than the filesystem. This has several security advantages, as on a shared host, for instance, session data stored in the filesystem could be compromised. As I mentioned in my comment, you could also store the "source" IP address in this way and tie it to the session, and invalidate any sessions accessed from an IP other than the original one.

This article explains in great detail: http://shiflett.org/articles/storing-sessions-in-a-database
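The approach the answer describes, as an added example that is not the question's code or the linked article's: a PDO-backed session handler so session data lives in a database rather than the filesystem, plus the login-time IP binding and a check on secured pages. It assumes PHP 8.1+, a "sessions" table with id/data/expires columns (my naming), and uses an in-memory SQLite database only so the script runs stand-alone; session_regenerate_id() is an addition beyond the answer, so an id handed out before login is not carried into the authenticated session.

```php
<?php
// Added example (not the question's or the linked article's code); needs PHP 8.1+.
// "sessions" table/columns are assumptions; in-memory SQLite only so it runs stand-alone.
final class DbSessionHandler implements SessionHandlerInterface {
    public function __construct(private PDO $pdo) {}
    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }
    public function read(string $id): string|false {
        $st = $this->pdo->prepare('SELECT data FROM sessions WHERE id = ? AND expires > ?');
        $st->execute([$id, time()]);
        $row = $st->fetch(PDO::FETCH_ASSOC);
        return $row ? $row['data'] : '';   // '' means no stored session yet
    }

    public function write(string $id, string $data): bool {
        $expires = time() + (int) ini_get('session.gc_maxlifetime');   // idle timeout
        $st = $this->pdo->prepare('REPLACE INTO sessions (id, data, expires) VALUES (?, ?, ?)');
        return $st->execute([$id, $data, $expires]);
    }

    public function destroy(string $id): bool {
        return $this->pdo->prepare('DELETE FROM sessions WHERE id = ?')->execute([$id]);
    }

    public function gc(int $max_lifetime): int|false {
        $st = $this->pdo->prepare('DELETE FROM sessions WHERE expires < ?');
        return $st->execute([time()]) ? $st->rowCount() : false;
    }
}

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE sessions (id TEXT PRIMARY KEY, data TEXT NOT NULL, expires INTEGER NOT NULL)');
session_set_save_handler(new DbSessionHandler($pdo), true);
ini_set('session.use_strict_mode', '1');   // reject ids the server never issued
session_start();

// After a successful password check: issue a fresh id (so an id set before login
// cannot be reused) and record the client address the session was started from.
function loginUser(string $username): void {
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
    $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'] ?? 'cli';
}
// On each secured page: invalidate the session if it is used from another address.
function requireSameClient(): void {
    if (($_SESSION['ip'] ?? null) !== ($_SERVER['REMOTE_ADDR'] ?? 'cli')) {
        session_unset(); session_destroy();
        header('Location: login.php'); exit();
    }
}
```

One caveat on the IP binding: users behind mobile carriers or load-balanced proxies can legitimately change address mid-session, so expect some forced re-logins and make sure REMOTE_ADDR is the real client address rather than that of a front-end proxy.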

