A session refers to all the requests that a single client makes to a server. A session is specific to the user, and for each user a new session is created to track all the requests from that user.


5
votes
1answer
152 views

Session handling using Python Requests client

I'm using this code to login to an experiment login system created by me for this purpose. ...
2
votes
1answer
38 views

Cookie, Session, and Flash middleware for Iron framework

Iron's cookie and session middleware projects seem to be abandoned. I've put together implementations for them, along with a ...
0
votes
1answer
95 views

PHP PDO login with session

index.php,general message.php, logout.php, site life.php (this page for session and put it in the other pages by required) Database: connection.php ...
4
votes
1answer
76 views

Very basic PHP session handling

I’ve got my first real PHP web application up and running. It is working as expected, but being my first time, I’m sure there is plenty of room for improvement. Right now, there is one particular ...
0
votes
1answer
43 views
1
vote
0answers
32 views

Using session variables to overcome enctype=“multipart/form-data”

I was trying to design a page which will help me upload documents for each case, along with some form data. I then realized request.getParameter() will not work ...
0
votes
0answers
63 views

Check if a user is authorised to visit a page

I'm creating a user portal for our customers but I'm yet to find the best way to check if a user is logged in or not. I used to check it by setting some session variables with my ...
1
vote
0answers
75 views

Session wrapper for PHP that supports alternative session handlers

I'm developing a session wrapper for the next version of a framework that I've been working on for the past few years. I want to support a variety of PHP session handlers. Laravel's session package ...
1
vote
0answers
18 views

FlowRouter auto-redirect on login page

The site should be accessible only to signed-in users. I'm making sure I publish and enable data manipulation to only those, but I wanna make sure even the app structure won't be visible. What I did ...
2
votes
1answer
969 views

Login system using a persistent cookie

I want to be sure that my code below properly secures the website based on all of the information provided. Login System Overview When a user logs in, the following user info is saved to a ...
2
votes
0answers
72 views

PHP login and session establishment

I would like to ask your advice on my simple code to login and registration sessions. In the User class, login function: ...
1
vote
2answers
87 views

Using session wrapper for accessing session data

When users log in to our website, we store some information in a session to retrieve it across the site. We created a few wrappers to help with data retrieval/storage to lessen duplication of code. I'...
3
votes
2answers
65 views

Find existing session

I have this method in my rails app: ...
2
votes
1answer
203 views

Session expiration handler using PHP and jQuery

At this point I am interested to see other techniques on handling session timeouts. What are some good improvements on this script to detect when a session is no longer valid? Important definitions: ...
1
vote
2answers
55 views

Logging out users securely

Is there anything I need to add or is this the best security possible? ...
2
votes
0answers
49 views

Add transactional Units of Work to incorrect NHibernate usage (microsessions, single object actions)

This code is part of a quite huge repository using NHibernate in a wrong way: no units of work, but microsessions for every object loading and saving (ignorant of Persistence Ignorance, coded like ...
4
votes
2answers
95 views

“Remember me” automatic login

I've implemented a "remember me" automatic login if no session has been set, but a remember me cookie is on their computer. I'm concerned about security and I'm not the best. I'm relatively new to OOP ...
4
votes
1answer
886 views

Persistent login (“remember me” cookie) using PHP

The code below is an attempt to create a persistent login cookie. I am an amateur and not professional so this is the first attempt to have a secure remember me cookie. Now I want you guys to review two ...
3
votes
0answers
495 views

Simple tracking online users in ASP.NET

I wrote simple online users tracking for my ASP.NET MVC project. In Global.asax I added: ...
1
vote
1answer
104 views

SessionHandlerInterface Class

The following class is used for handling sessions: ...
4
votes
1answer
111 views

Restart Citrix session using locally stored application

I have a Windows forms application which we deployed in my firm for use on thin clients. The app lives locally on each user's machine, but pretty much all of the work the users do is over a Citrix ...
2
votes
2answers
169 views

Many nested session verification conditions

Can someone give me advice on cleaning this code? It's more messy than I expected. I got like 10-15 more ifs to be added. I've thought of adding the error messages in methods and then just check if ...
5
votes
1answer
70 views

Database Session Class

I have made the decision to move the storing of session data from the filesystem to the database. Our application is growing at pace and we are having issues with the load balancer breaking the ...
5
votes
2answers
3k views

Login system with session using CodeIgniter

I implemented a login system, with session, using CodeIgniter. If the session doesn't exist, redirect to login page. Please review, and let me know what can be done to make it better. view (login.php)...
5
votes
1answer
141 views

login_required decorator in Flask

I have 2 Flask apps (different projects) that work together . One implements some API which uses tokens for auth. The second one consumes the API and makes a web interface for it. Now I have a login ...
1
vote
1answer
168 views

Another PHP login handler

I wrote this class to handle login sessions for a framework I'm writing for educational purposes. My major areas of concern: Style I know my style is a little contrary to most coding conventions. ...
2
votes
1answer
38 views

Authentication and session creation

My session controller has a method for creating a new user session. According to Rubocop's output, the 'Assignment Branch Condition' metric is too high [15.17/15]. ...
2
votes
1answer
347 views

Using $_POST and $_SESSION - passing variables between pages

I have an index page which gets passed $_POST['timestart'] and $_POST['timeend'] variables. In addition, I have a cart page ...
2
votes
1answer
988 views

Simple PHP session handler class (using MySQL for session data storage)

I have tried to write a small lightweight PHP session handling class that uses PHP's session_set_save_handler() function to overwrite the default session handling ...
3
votes
1answer
164 views

Basic login script for educational purposes

I have created a login script to demonstrate the usage of sessions in PHP. The focus is not on security, databases or encryption. The idea is to exemplify how you can use sessions to protect pages ...
2
votes
2answers
353 views

Session Handling Setup

Just wanted to run through my PHP session handling and get some feedback and tips with regard to what is good (if anything!), what could be better and what is either plain wrong, or using out of date ...
1
vote
2answers
77 views

PHP session_set_saver_handler with session timeout

I have developed a class that utilises the session_set_saver_handler function so I can store sessions within my DB. The class works just as I would like. However, ...
1
vote
0answers
360 views

Handling user permissions in Code Igniter

I haven't done much work with Code Igniter, and can't seem to get much of a definitive answer poking around as to what the best solution to this problem is. Before moving forward, I wanted to see if ...
3
votes
1answer
68 views

Cross-site request forgery defense for code to count Likes

I have the following code which is supposed to insert a row into a DB table "clicks" (consisting of 1 Primary AI column "id" and another column "user" which contains the user's session ID) upon ...
2
votes
1answer
136 views

Custom Session Pool

We use a student information system called Colleague that is developed by Ellucian. As far as I can tell, the system does not use any sort of session pool so rapidly opening and closing connections ...
5
votes
1answer
339 views

For a login portal, what security measures are needed to prevent unauthorized access?

I'm designing a login portal that has one angularjs page that displays/processes data queried from a database. I'm relying on a few php pages (a loginpage.php [verifies credentials/loads session ...
3
votes
1answer
464 views

PHP login system security using a database, cookies and sessions

I created a simple login system using just sessions but having to log in every time gets annoying. That is why I'm now trying to save the sessions to my database linked to the user's account. I will ...
1
vote
0answers
59 views

Persisting database row ID between controller actions on a multi-step “create item” form

I have a form on an anonymous site which has 3 steps. A user submits each step individually, in sequence (1-2-3). BUT, step 1 creates a new table row, while steps 2 and 3 only update the existing row (...
3
votes
1answer
129 views

Custom session handler

I'm new to PDO and haven't been coding in a while. Is the following custom session handler industry-acceptable? ...
3
votes
1answer
366 views

Adding new sockets and sessions

I am currently writing a TcpListener class where it begins a new socket and adds a new Session. I have classes called ...
3
votes
1answer
155 views

Session flash class

I've created this class, for flashing variables like validation errors or success messages. But I'm not certainly sure about it. ...
3
votes
0answers
833 views

Authorization token from servlet filter stores user name

I'm having some difficulty with servlet and filter lifecycles. The intention here is to use the front controller pattern with a simple login; authentication is accomplished with the filter. Am I ...
5
votes
1answer
589 views

PHP login script security check

I made an admin login script for my own CMS website that I'm making in Code Igniter 2.2.1 and I'd like to know what are the potential threats or some holes that I might have left open. This is how it ...
6
votes
2answers
5k views

Protect from people bruteforcing the PHPSESSID

The PHPSESSID is stored in the clients cookie so I don't consider it as secure. Someone might bruteforce it and perform some action (like a Facebook status post) whenever a session was successfully ...
3
votes
1answer
148 views

Making user login system secure with $_SESSION [closed]

I am hoping that someone can help me out here. I am creating a PHP web app that requires a user to login to view their data in the MySQL database. I just want to know if this is a good approach and ...
5
votes
0answers
531 views

Is this minimal Go cookie authentication system safe?

I'm working on a login system in Go (Golang). Previously, I was using Gorilla Sessions for this, but I wanted to see if I could reinvent the wheel and make it simpler. Also, I don't need to store ...
4
votes
2answers
60 views

Formatting checks against a session

This is the current code that gets put into an option box. Is there a way to make this code more efficient and use less code ...
2
votes
1answer
220 views

Is my Node/Express-based authentication implementation with session properly done?

I know that Passport.js exists, however, I wanted to code my own implementation using express-session module. I'm using: Express Mongoose express-session So I basically have 2 routes for handling ...
4
votes
2answers
477 views

PHP Session Wrapper Class

I recently worked on a system for the company I work for and would love some feedback on the following class for managing sessions. I don't claim to be a PHP guru but I like to think I gave it a try! ...