SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Enthusiast
    Join Date
    Oct 2006
    Posts
    88
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Generating and storing session ids / user login design

    I am bulding a user registration and login system and need some advice around storing session ids and validating user credentials...etc.
    Once I have gone through the standard username and password validation, I generate a session id using the users id, email address and time of login + the users ip address.

    The session id is then stored in the database and a $_SESSION is created with this as the value. The last login time is also stored in the database.

    So when I go to validate the login on different pages, I can take the session id, last login time and current session ip address and re-generate the session id to see if it matches.

    The only issue is that this would mean a user can only login once on a single browser as logging in again on a different browser would make the first session invalid.

    My question is: do you think this is a good way of validating logins and if not, can you advise on something better.

  2. #2
    I solve practical problems. bronze trophy
    Michael Morris's Avatar
    Join Date
    Jan 2008
    Location
    Knoxville TN
    Posts
    2,023
    Mentioned
    62 Post(s)
    Tagged
    0 Thread(s)
    Is there any pressing reason you aren't just calling session_start() and using the PHP's internal session hancling schema?

  3. #3
    SitePoint Enthusiast
    Join Date
    Oct 2006
    Posts
    88
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am doing that as well. So I call a session then rebuild it using the uses up address as a unique live identifier.


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •