A session refers to all the requests that a single client makes to a server. A session is specific to the user, and a new session is created for each user to track all the requests from that user.

0 votes, 0 answers, 29 views

PSR7 Request/Response Session handling [closed]

I have created a library to deal with sessions in a PSR7 Http Message middleware architecture. I am abstracting away from PHP native session mechanisms while still using its native ...

4 votes, 1 answer, 487 views

Persistent login (“remember me” cookie) using PHP

The code below is an attempt to create a persistent login cookie. I am an amateur and not a professional so this is the first attempt to have a secure remember me cookie. Now I want you guys to review two ...

1 vote, 0 answers, 48 views

Simple tracking online users in ASP.NET

I wrote simple online users tracking for my ASP.NET MVC project. In Global.asax I added: ...

0 votes, 1 answer, 42 views

SessionHandlerInterface Class

The following class is used for handling sessions: ...

4 votes, 1 answer, 39 views

Restart Citrix session using locally stored application

I have a Windows forms application which we deployed in my firm for use on thin clients. The app lives locally on each user's machine, but pretty much all of the work the users do is over a Citrix ...

2 votes, 2 answers, 156 views

Many nested session verification conditions

Can someone give me advice on cleaning this code? It's more messy than I expected. I got like 10-15 more ifs to be added. I've thought of adding the error messages in methods and then just check if ...

4 votes, 1 answer, 53 views

Database Session Class

I have made the decision to move the storing of session data from the filesystem to the database. Our application is growing at pace and we are having issues with the load balancer breaking the ...

4 votes, 2 answers, 121 views

Login system with session using CodeIgniter

I implemented a login system, with session, using CodeIgniter. If the session doesn't exist, redirect to login page. Please review, and let me know what can be done to make it better. view ...

5 votes, 1 answer, 72 views

login_required decorator in Flask

I have 2 Flask apps (different projects) that work together. One implements some API which uses tokens for auth. The second one consumes the API and makes a web interface for it. Now I have a login ...

1 vote, 1 answer, 126 views

Another PHP login handler

I wrote this class to handle login sessions for a framework I'm writing for educational purposes. My major areas of concern: Style I know my style is a little contrary to most coding conventions. ...

2 votes, 1 answer, 34 views

Authentication and session creation

My session controller has a method for creating a new user session. According to Rubocop's output there is 'Assignment Branch Condition' metric is too high [15.17/15]. ...

2 votes, 1 answer, 170 views

Using $_POST and $_SESSION - passing variables between pages

I have an index page which gets passed $_POST['timestart'] and $_POST['timeend'] variables. In addition, I have a cart page ...

1 vote, 1 answer, 525 views

Simple PHP session handler class (using MySQL for session data storage)

I have tried to write a small lightweight PHP session handling class that uses PHP's session_set_save_handler() function to overwrite the default session handling ...

3 votes, 1 answer, 152 views

Basic login script for educational purposes

I have created a login script to demonstrate the usage of sessions in PHP. The focus is not on security, databases or encryption. The idea is to exemplify how you can use sessions to protect pages ...

2 votes, 2 answers, 255 views

Session Handling Setup

Just wanted to run through my PHP session handling and get some feedback and tips with regard to what is good (if anything!), what could be better and what is either plain wrong, or using out of date ...

1 vote, 2 answers, 59 views

PHP session_set_saver_handler with session timeout

I have developed a class that utilises the session_set_saver_handler function so I can store sessions within my DB. The class works just as I would like. However, ...

1 vote, 0 answers, 139 views

Handling user permissions in Code Igniter

I haven't done much work with Code Igniter, and can't seem to get much of a definitive answer poking around as to what the best solution to this problem is. Before moving forward, I wanted to see if ...

3 votes, 1 answer, 66 views

Cross-site request forgery defense for code to count Likes

I have the following code which is supposed to insert a row into a DB table "clicks" (consisting of 1 Primary AI column "id" and another column "user" which contains the user's session ID) upon ...

2 votes, 1 answer, 94 views

Custom Session Pool

We use a student information system called Colleague that is developed by Ellucian. As far as I can tell, the system does not use any sort of session pool so rapidly opening and closing connections ...

5 votes, 1 answer, 236 views

For a login portal, what security measures are needed to prevent unauthorized access?

I'm designing a login portal that has one angularjs page that displays/processes data queried from a database. I'm relying on a few php pages (a loginpage.php [verifies credentials/loads session ...

2 votes, 1 answer, 328 views

PHP login system security using a database, cookies and sessions

I created a simple login system using just sessions but having to log in every time gets annoying. That is why I'm now trying to save the sessions to my database linked to the user's account. I will ...

1 vote, 0 answers, 55 views

Persisting database row ID between controller actions on a multi-step “create item” form

I have a form on an anonymous site which has 3 steps. A user submits each step individually, in sequence (1-2-3). BUT, step 1 creates a new table row, while steps 2 and 3 only update the existing row ...

3 votes, 1 answer, 124 views

Custom session handler

I'm new to PDO and haven't been coding in a while. Is the following custom session handler industry-acceptable? ...

3 votes, 1 answer, 261 views

Adding new sockets and sessions

I am currently writing a TcpListener class where it begins a new socket and adds a new Session. I have classes called ...

3 votes, 1 answer, 124 views

Session flash class

I've created this class, for flashing variables like validation errors or success messages. But I'm not certainly sure about it. ...

3 votes, 0 answers, 559 views

Authorization token from servlet filter stores user name

I'm having some difficulty with servlet and filter lifecycles. The intention here is to use the front controller pattern with a simple login; authentication is accomplished with the filter. Am I ...

4 votes, 1 answer, 496 views

PHP login script security check

I made an admin login script for my own CMS website that I'm making in Code Igniter 2.2.1 and I'd like to know what are the potential threats or some holes that I might have left open. This is how it ...

5 votes, 2 answers, 4k views

Protect from people bruteforcing the PHPSESSID

The PHPSESSID is stored in the client's cookie so I don't consider it as secure. Someone might bruteforce it and perform some action (like a Facebook status post) whenever a session was successfully ...

3 votes, 1 answer, 134 views

Making user login system secure with $_SESSION [closed]

I am hoping that someone can help me out here. I am creating a PHP web app that requires a user to login to view their data in the MySQL database. I just want to know if this is a good approach and ...

4 votes, 2 answers, 60 views

Formatting checks against a session

This is the current code that gets put into an option box, is there a way to make this code more efficient and use less code ...

2 votes, 1 answer, 192 views

Is my Node/Express-based authentication implementation with session properly done?

I know that Passport.js exists, however, I wanted to code my own implementation using express-session module. I'm using: Express Mongoose express-session So I basically have 2 routes for handling ...

4 votes, 2 answers, 402 views

PHP Session Wrapper Class

I recently worked on a system for the company I work for and would love some feedback on the following class for managing sessions. I don't claim to be a PHP guru but I like to think I gave it a try! ...

4 votes, 2 answers, 746 views

Performance of hashmap-based session object

Unfortunately, I can't use the Tomcat session for storing the key/value pairs for each user (restricted because it's an IVR domain-based project). But I need the same functionality like a ...

2 votes, 1 answer, 698 views

A wrapper class for Sessions in PHP

I have been using $_SESSION, $_POST, $_GET, $_SERVER ...

3 votes, 2 answers, 676 views

Abstract session value manager

I've been working in C# for a while, but I'm just recently starting to force myself to use better abstracted and generic code. I recently encountered a situation where I was juggling a lot of session ...

2 votes, 1 answer, 82 views

HttpSession Wrapper Class

Are there any aspects I could improve of my HttpSession wrapper class? Other suggestions are also welcome. ...

3 votes, 2 answers, 5k views

PHP Session handling class

I've written a custom PHP session class for handling sessions across the web app. Please review the code and point out mistakes and suggest better handling techniques. ...

6 votes, 1 answer, 60 views

Creating a server for user Internet orders

I've been learning the basics of node over the last couple of days and finally hooked up what I needed. I'm just after someone to comment on if I have gone the right way around this task. It creates ...

12 votes, 2 answers, 307 views

Sessions and Authentication

I've a feeling I'm overdoing my Auth class, and that it could be done in a simpler and more understandable way. Could you give me advice on this, please? This is ...

4 votes, 1 answer, 353 views

Preventing session hijacking

I'm implementing a login script and I want it to be more secure: ...

3 votes, 1 answer, 334 views

How to regenerate my session ID often when using this class?

I have created a class that will manage my session. I am hoping to accomplish a class that will secure my site from all known attacks (ie. fixation, precedent, and capture.) The idea is to Change ...

8 votes, 2 answers, 305 views

Making a simple session class more secured

I just wrote the session class below. I humbly request for a review on how to make this even more secured/ how sessions are normally written. The code below works, but I would love to make it even ...

8 votes, 3 answers, 19k views

First PHP login system

This is my first attempt at a login system! I've only had roughly 2 days of experience with MySQL and PHP so far and this is what I came up with: ...

4 votes, 1 answer, 73 views

Session manager for logged in users

I wrote this code to handle logged in users. The session IDs will be stored in cookies. I would like to know if it's usable or if there are security problems. It uses a 64bit id and another 64bit ...

4 votes, 1 answer, 189 views

Security - Login system

For a school project I have been asked to create a login system for a website. The language I have to use is PHP with no database as of yet (for a later assignment). I'm just wondering if this code ...

5 votes, 1 answer, 157 views

Safety issues in PHP log-in system

This is a user login (some session wrapper I managed to put together after a lot of web searching). It's for a simple CMS I'm trying to build. It only needs one user and there is no need for ...

3 votes, 1 answer, 636 views

Session state wrapper, extending an existing application

I'm adding additional functionality to an existing MVC .net application, and to help prevent or at least reduce repeated reads to the dB I'm dumping a few custom entities in session. I'm limiting what ...

2 votes, 1 answer, 178 views

PHP session fixation

I'm trying to implement a system of restricted access. Right now I'm focusing on the "session fixation". I am concerned about the following aspects: Control of a "fingerprint" of the user created by ...

12 votes, 1 answer, 610 views

PHP form with bot deterrent

I saw somewhere on here that it helps reduce spam by adding a dummy input field that you hide with display: none, and like if it's filled out, then it's obviously ...

2 votes, 1 answer, 201 views

Update SQL query using UNIX time

I would like to test the following garbage collector code on a database of sessions. It should be following the conditions below: if 'remember me' is enabled by the user, then it should delete all ...