A session refers to all the requests that a single client makes to a server. A session is specific to the user, and for each user a new session is created to track all the requests from that user.
5
votes
1answer
49 views
login_required decorator in Flask
I have 2 Flask apps (different projects) that work together. One implements some API which uses tokens for auth. The second one consumes the API and makes a web interface for it. Now I have a login ...
1
vote
1answer
108 views
Another PHP login handler
I wrote this class to handle login sessions for a framework I'm writing for educational purposes.
My major areas of concern:
Style
I know my style is a little contrary to most coding conventions. ...
2
votes
1answer
32 views
Authentication and session creation
My session controller has a method for creating a new user session. According to Rubocop's output, the 'Assignment Branch Condition' metric is too high [15.17/15].
...
2
votes
1answer
127 views
Using $_POST and $_SESSION - passing variables between pages
I have an index page which gets passed $_POST['timestart'] and $_POST['timeend'] variables. In addition, I have a cart page ...
1
vote
1answer
390 views
Simple PHP session handler class (using MySQL for session data storage)
I have tried to write a small lightweight PHP session handling class that uses PHP's session_set_save_handler() function to overwrite the default session handling ...
3
votes
1answer
147 views
Basic login script for educational purposes
I have created a login script to demonstrate the usage of sessions in PHP. The focus is not on security, databases or encryption. The idea is to exemplify how you can use sessions to protect pages ...
2
votes
2answers
219 views
Session Handling Setup
Just wanted to run through my PHP session handling and get some feedback and tips with regard to what is good (if anything!), what could be better and what is either plain wrong, or using out of date ...
1
vote
2answers
55 views
PHP session_set_saver_handler with session timeout
I have developed a class that utilises the session_set_saver_handler function so I can store sessions within my DB. The class works just as I would like.
However, ...
1
vote
0answers
100 views
Handling user permissions in Code Igniter
I haven't done much work with Code Igniter, and can't seem to get much of a definitive answer poking around as to what the best solution to this problem is. Before moving forward, I wanted to see if ...
3
votes
1answer
66 views
Cross-site request forgery defense for code to count Likes
I have the following code which is supposed to insert a row into a DB table "clicks" (consisting of 1 Primary AI column "id" and another column "user" which contains the user's session ID) upon ...
2
votes
1answer
85 views
Custom Session Pool
We use a student information system called Colleague that is developed by Ellucian. As far as I can tell, the system does not use any sort of session pool so rapidly opening and closing connections ...
5
votes
1answer
189 views
For a login portal, what security measures are needed to prevent unauthorized access?
I'm designing a login portal that has one angularjs page that displays/processes data queried from a database. I'm relying on a few php pages (a loginpage.php [verifies credentials/loads session ...
2
votes
1answer
281 views
PHP login system security using a database, cookies and sessions
I created a simple login system using just sessions but having to login every time gets annoying. That is why I'm now trying to save the sessions to my database linked to the user's account. I will ...
1
vote
0answers
51 views
Persisting database row ID between controller actions on a multi-step “create item” form
I have a form on an anonymous site which has 3 steps. A user submits each step individually, in sequence (1-2-3). BUT, step 1 creates a new table row, while steps 2 and 3 only update the existing row ...
3
votes
1answer
123 views
Custom session handler
I'm new to PDO and haven't been coding in a while. Is the following custom session handler industry-acceptable?
...
3
votes
1answer
218 views
Adding new sockets and sessions
I am currently writing a TcpListener class where it begins a new socket and adds a new Session. I have classes called ...
3
votes
1answer
110 views
Session flash class
I've created this class, for flashing variables like validation errors or success messages. But I'm not certainly sure about it.
...
3
votes
0answers
488 views
Authorization token from servlet filter stores user name
I'm having some difficulty with servlet and filter lifecycles. The intention here is to use the front controller pattern with a simple login; authentication is accomplished with the filter.
Am I ...
4
votes
2answers
3k views
Protect from people bruteforcing the PHPSESSID
The PHPSESSID is stored in the client's cookie so I don't consider it as secure. Someone might bruteforce it and perform some action (like a Facebook status post) whenever a session was successfully ...
3
votes
1answer
123 views
Making user login system secure with $_SESSION [closed]
I am hoping that someone can help me out here. I am creating a PHP web app that requires a user to login to view their data in the MySQL database.
I just want to know if this is a good approach and ...
4
votes
2answers
60 views
Formatting checks against a session
This is the current code that gets put into an option box. Is there a way to make this code more efficient and use less code?
...
2
votes
1answer
179 views
Is my Node/Express-based authentication implementation with session properly done?
I know that Passport.js exists, however, I wanted to code my own implementation using express-session module.
I'm using:
Express
Mongoose
express-session
So I basically have 2 routes for handling ...
4
votes
2answers
379 views
PHP Session Wrapper Class
I recently worked on a system for the company I work for and would love some feedback on the following class for managing sessions. I don't claim to be a PHP guru but I like to think I gave it a try!
...
4
votes
2answers
674 views
Performance of hashmap-based session object
Unfortunately, I can't use the Tomcat session for storing the key/value pairs for each user (restricted because it's an IVR domain-based project).
But I need the same functionality like a ...
3
votes
2answers
639 views
Abstract session value manager
I've been working in C# for a while, but I'm just recently starting to force myself to use better abstracted and generic code. I recently encountered a situation where I was juggling a lot of session ...
2
votes
1answer
78 views
HttpSession Wrapper Class
Are there any aspects I could improve of my HttpSession wrapper class?
Other suggestions are also welcome.
...
2
votes
2answers
5k views
PHP Session handling class
I've written a custom PHP session class for handling sessions across the web app. Please review the code and point out mistakes and suggest better handling techniques.
...
6
votes
1answer
60 views
Creating a server for user Internet orders
I've been learning the basics of node over the last couple of days and finally hooked up what I needed. I'm just after someone to comment on if I have gone the right way around this task.
It creates ...
12
votes
2answers
296 views
Sessions and Authentication
I've a feeling I'm overdoing my Auth class, and that it could be done in a simpler and more understandable way.
Could you give me advice on this, please?
This is ...
3
votes
1answer
299 views
How to regenerate my session ID often when using this class?
I have created a class that will manage my session. I am hoping to accomplish a class that will secure my site from all known attacks (i.e. fixation, precedent, and capture.)
The idea is to
Change ...
8
votes
2answers
283 views
Making a simple session class more secured
I just wrote the session class below. I humbly request for a review on how to make this even more secured/ how sessions are normally written. The code below works, but I would love to make it even ...
8
votes
3answers
17k views
First PHP login system
This is my first attempt at a login system! I've only had roughly 2 days of experience with MySQL and PHP so far and this is what I came up with:
...
4
votes
1answer
73 views
Session manager for logged in users
I wrote this code to handle logged in users. The session IDs will be stored in cookies. I would like to know if it's usable or if there are security problems.
It uses a 64bit id and another 64bit ...
4
votes
1answer
181 views
Security - Login system
For a school project I have been asked to create a login system for a website. The language I have to use is PHP with no database as of yet (for a later assignment). I'm just wondering if this code ...
5
votes
1answer
152 views
Safety issues in PHP log-in system
This is a user login (some session wrapper I managed to put together after a lot of web searching).
It's for a simple CMS I'm trying to build. It only needs one user and there is no need for ...
3
votes
1answer
575 views
Session state wrapper, extending an existing application
I'm adding additional functionality to an existing MVC .net application, and to help prevent or at least reduce repeated reads to the dB I'm dumping a few custom entities in session. I'm limiting what ...
2
votes
1answer
163 views
PHP session fixation
I'm trying to implement a system of restricted access. Right now I'm focusing on the "session fixation". I am concerned about the following aspects:
Control of a "fingerprint" of the user created by ...
12
votes
1answer
581 views
PHP form with bot deterrent
I saw somewhere on here that it helps reduce spam by adding a dummy input field that you hide with display: none, and like if it's filled out, then it's obviously ...
2
votes
1answer
197 views
Update SQL query using UNIX time
I would like to test the following garbage collector code on a database of sessions.
It should be following the conditions below:
if 'remember me' is enabled by the user, then it should delete all ...
3
votes
1answer
256 views
Possible improvements on admin login area?
I've created an admin login area for an application I am planning to code, and I've used the following login.html page to let the user type in his data (I left out parts like "id", "placeholder" etc. ...
1
vote
1answer
90 views
Login and User Information Requests
This code basically connects to a database, sets login success and failure pages, queries the database for user details, checks if user is active, sets session value and redirects accordingly.
Can ...
4
votes
1answer
4k views
Subclassing AFNetworking to handle POST / GET requests
I am pretty new to iOS development - I'm writing an app that uses web services, pretty extensively. With that in mind, I decided to use AFNetworking 2.0 and subclass ...
3
votes
1answer
273 views
Is this a safe Login?
I've been doing a lot of searching on PHP, logins, forms, cookies, sessions, etc. And so, I've tried to gather all the info that I got from all over the place. But, I didn't find a place with all ...
1
vote
1answer
2k views
Secure logout: session termination
I've been reading the security issue on logging out from a website system written in PHP, using sessions.
My current code is:
...
0
votes
2answers
2k views
Password-Lock a Single Page with PHP - How did I do?
I just wrote some PHP to let a client lock off their one-page site from the public using a password. No users and no database. Just checking the password the user enters and testing it against the ...
3
votes
2answers
273 views
My Session Handler
I'm yet to add garbage cleanup, ID regeneration and the ability to unset sessions, but this is what I have so far.
Does this help prevent session hijacking/fixation?
Can you see any vulnerabilities?
...