A session refers to all the requests that a single client makes to a server. A session is specific to the user and for each user a new session is created to track all the request from that user.
1
vote
0answers
31 views
Concurrent SSH session pool
In my application I need to perform several SSH commands from Windows to a Linux machine.
Since I need to reduce as much as possible the SSH calls overhead and also limit the number of concurrent ...
0
votes
1answer
57 views
Secure logout PHP code with cookies
I have the following PHP logout script and I would like to know the loopholes present in it. How can I improve it?
...
1
vote
1answer
32 views
Class for creating save sessions in PHP
Is the following class well-built and secure or am I missing something? Any improvement ideas welcome.
...
3
votes
1answer
79 views
Cookie wrapper made for fun
This was mostly made for fun, so I don't see it having any real world purpose any time soon.
...
0
votes
0answers
38 views
Alternative session token implementation in flask
Here is my implementation of an alternative session token. The idea is to reset session_token every time get_id is called, so (I ...
1
vote
2answers
83 views
5
votes
1answer
172 views
Session handling using Python Requests client
I'm using this code to login to an experiment login system created by me for this purpose.
...
3
votes
1answer
63 views
Cookie, Session, and Flash middleware for Iron framework
Iron's cookie and session middleware projects seem to be abandoned. I've put together implementations for them, along with a ...
-1
votes
1answer
325 views
PHP PDO login with session
index.php,general message.php, logout.php, site life.php (this page for session and put it in the other pages by required)
Database:
connection.php
...
4
votes
1answer
86 views
Very basic PHP session handling
I’ve got my first real PHP web application up and running. It is working as expected, but being my first time, I’m sure there is plenty of room for improvement.
Right now, there is one particular ...
1
vote
0answers
68 views
Using session variables to overcome enctype=“multipart/form-data”
I was trying to design a page which will help me upload documents for each case, along with some form data. I then realized request.getParameter() will not work ...
0
votes
0answers
69 views
Check if a user is authorised to visit a page
I'm creating a user portal for our customers but I'm yet to find the best way to check if a user is logged in or not. I used to check it by setting some session variables with my ...
1
vote
0answers
111 views
Session wrapper for PHP that supports alternative session handlers
I'm developing a session wrapper for the next version of a framework that I've been working on for the past few years. I want to support a variety of PHP session handlers. Laravel's session package ...
1
vote
0answers
28 views
FlowRouter auto-redirect on login page
The site should be accessible only to signed-in users. I'm making sure I publish and enable data manipulation to only those, but I wanna make sure even the app structure won't be visible.
What I did ...
2
votes
1answer
1k views
Login system using a persistent cookie
I want to be sure that my code below properly secures the website based on all of the information provided.
Login System Overview
When a user logs in, the following user info is saved to a ...
2
votes
1answer
132 views
PHP login and session establishment
I would like to ask your advice on my simple code to login and registration sessions.
In the User class, login function:
...
1
vote
2answers
98 views
Using session wrapper for accessing session data
When users log in to our website, we store some information in a session to retrieve it across the site. We created a few wrappers to help with data retrieval/storage to lessen duplication of code.
I'...
3
votes
2answers
65 views
2
votes
1answer
291 views
Session expiration handler using PHP and jQuery
At this point i am interested to see other techniques on handling session timeouts.
What are some good improvements on this script to detect when a session is no longer valid?
Important definitions:
...
1
vote
2answers
56 views
Logging out users securely
Is there anything I need to add or is this the best security possible?
...
2
votes
0answers
59 views
Add transactional Units of Work to incorrect NHibernate usage (microsessions, single object actions)
This code is part of a quite huge repository using NHibernate in a wrong way: no units of work, but microsessions for every object loading and saving (ignorant of Persistence Ignorance, coded like ...
4
votes
2answers
102 views
“Remember me” automatic login
I've implemented a "remember me" automatic login if no session has been set, but a remember me cookie is on their computer. I'm concerned about security and I'm not the best. I'm relatively new to OOP ...
4
votes
1answer
1k views
Persistent login (“remember me” cookie) using PHP
The code below is a attempt to create a persistent login cookie. I am an amateur and not professional so this is the first attempt to have secure remember me cookie. Now I want you guys to review two ...
3
votes
0answers
908 views
Simple tracking online users in ASP.NET
I wrote simple online users tracking for my ASP.NET MVC project.
In Global.asax I added:
...
1
vote
1answer
127 views
4
votes
1answer
157 views
Restart Citrix session using locally stored application
I have a Windows forms application which we deployed in my firm for use on thin clients. The app lives locally on each user's machine, but pretty much all of the work the users do is over a Citrix ...
2
votes
2answers
170 views
Many nested session verification conditions
Can someone give me advice on cleaning this code? It's more messy then I expected. I got like 10-15 more ifs to be added.
I've thought of adding the error messsages in methods and then just check if ...
5
votes
1answer
81 views
Database Session Class
I have made the decision to move the storing of session data from the filesystem to the database. Our application is growing at pace and we are having issues with the load balancer breaking the ...
5
votes
2answers
6k views
Login system with session using CodeIgniter
I implemented a login system, with session, using CodeIgniter.
If the session doesn't exist, redirect to login page.
Please review, and let me know what can be done to make it better.
view (login.php)...
5
votes
1answer
192 views
login_required decorator in Flask
I have 2 Flask apps (different projects) that work together . One implements some API which uses tokens for auth. The second one consumes the API and makes a web interface for it. Now I have a login ...
1
vote
1answer
189 views
Another PHP login handler
I wrote this class to handle login sessions for a framework I'm writing for educational purposes.
My major areas of concern:
Style
I know my style is a little contrary to most coding conventions. ...
2
votes
1answer
41 views
Authentication and session creation
My session controller has a method for creating new user session. According to Rubocop's output there is 'Assignment Branch Condition' metric is too high [15.17/15].
...
2
votes
1answer
412 views
Using $_POST and $_SESSION - passing variables between pages
I have an index page which gets passed $_POST['timestart'] and $_POST['timeend'] variables. In addition, I have a cart page ...
2
votes
1answer
1k views
Simple PHP session handler class (using MySQL for session data storage)
I have tried to write a small light weighted php session handling class that use PHP's session_set_save_handler() function to overwrite the default session handling ...
3
votes
1answer
166 views
Basic login script for educational purposes
I have created a login script to demonstrate the usage of sessions in PHP. The focus is not on security, databases or encryption. The idea is to exemplify how you can use sessions to protect pages ...
2
votes
2answers
445 views
Session Handling Setup
Just wanted to run through my PHP session handling and get some feedback and tips with regard to what is good (if anything!), what could be better and what is either plain wrong, or using out of date ...
1
vote
2answers
85 views
PHP session_set_saver_handler with session timeout
I have developed a class that utilises the session_set_saver_handler function so I can store sessions within my DB. The class works just as I would like.
However, ...
1
vote
0answers
454 views
Handling user permissions in Code Igniter
I haven't done much work with Code Igniter, and can't seem to get much of a definitive answer poking around as to what the best solution to this problem is. Before moving forward, I wanted to see if ...
3
votes
1answer
69 views
Cross-site request forgery defense for code to count Likes
I have the following code which is supposed to insert a row into a DB table "clicks" (consisting of 1 Primary AI column "id" and another column "user" which contains the user's session ID) upon ...
2
votes
1answer
167 views
Custom Session Pool
We use a student information system called Colleague that is developed by Ellucian. As far as I can tell, the system does not use any sort of session pool so rapidly opening and closing connections ...
5
votes
1answer
394 views
For a login portal, what security measures are needed to prevent unauthorized access?
I'm designing a login portal that has one angularjs page that displays/processes data queried from a database. I'm relying on a few php pages (a loginpage.php [verifies credentials/loads session ...
3
votes
1answer
610 views
PHP login system security using a database, cookies and sessions
I created a simple login system using just sessions but having to login every time gets annoying. That is why I'm no trying to save the sessions to my database linked to the user's account. I will ...
1
vote
0answers
60 views
Persisting database row ID between controller actions on a multi-step “create item” form
I have a form on an anonymous site which has 3 steps. A user submits each step individually, in sequence (1-2-3). BUT, step 1 creates a new table row, while steps 2 and 3 only update the existing row (...
3
votes
1answer
129 views
Custom session handler
I'm new to PDO and haven't been coding in a while. Is the following custom session handler industry-acceptable?
...
3
votes
1answer
406 views
Adding new sockets and sessions
I am currently writing a TcpListener class where it begins a new socket and adds a new Session. I have classes called ...
3
votes
1answer
164 views
Session flash class
I've created this class, for flashing variables like validation errors or success messages. But I'm not certainly sure about it.
...
3
votes
0answers
996 views
Authorization token from servlet filter stores user name
I'm having some difficulty with servlet and filter lifecycles. The intention here is to use the front controller pattern with a simple login; authentication is accomplished with the filter.
Am I ...
5
votes
1answer
636 views
PHP login script security check
I made an admin login script for my own CMS website that I'm making in Code Igniter 2.2.1 and I'd like to know what are the potential threats or some holes that I might have left open.
This is how it ...
7
votes
2answers
6k views
Protect from people bruteforcing the PHPSESSID
The PHPSESSID is stored in the clients cookie so I don't consider it as secure. Someone might bruteforce it and perform some action (like a Facebook status post) whenever a session was successfully ...
3
votes
1answer
159 views
Making user login system secure with $_SESSION [closed]
I am hoping that someone can help me out here. I am creating a PHP web app that requires a user to login to view their data in the MySQL database.
I just want to know if this is a good approach and ...
