I found a PHP class, PHPsessionManager.

The article that talks about it can be found here: How to create a bulletproof-sessions

This class is about creating a secured session where the session_id changes with every request and the request is also destroyed, so an attacker won't be able to find any session.

The instructions state that, in order to create a new session, you do:

// Creates a basic session.
SessionManager::sessionStart('InstallationName');

But how can I set a session variable? (i.e. $_SESSION['first_name'] = 'Mike';)

So how can I save different variables in this session?

5
  • Looking at the code in PHPSessionManager, it appears that you can do just what you have in your question - $_SESSION['first_name'] = 'Mike'. Did you try it? Commented Apr 29, 2014 at 19:26
  • I tried it but it is not working. Commented Apr 29, 2014 at 19:27
  • How is it not working? The data that you read out is not the data that you set in the $_SESSION array? Commented Apr 29, 2014 at 19:28
  • Correct. When I do echo $_SESSION['first_name'], nothing is printed. Commented Apr 29, 2014 at 19:29
  • When are you setting the variable in $_SESSION? If you do it before you run SessionManager::sessionStart('InstallationName') then it will get wiped out. Commented Apr 29, 2014 at 19:40

1 Answer 1

1

When I take a look at the class itself, (http://phpsessionmanager.googlecode.com/svn/trunk/Session.class.php) I think that this class isn't being used to initiate a session variable as you want to use it.

For example: you can initialize this class AFTER a user has logged in on your site. This way, you can identify the user (afterwards) without the need for requesting the user credentials again.

Correct me if I'm wrong.


8 Comments

I think so. But should it be also to secure the session variables?
No, instead of using a regular session, this class creates a cookie. So you don't use this for variables. Just to keep track of a user that has been logged in. (So that the user doesn't have to enter his credentials every time.)
So I would only use this class to check if the user is logged in and nothing else? If this is the case, then how would I use session variables securely?
Depending on the information you want to store in the session and what you want to use it for, you can hash it. And if you really want everything to be safe, you can use SSL. Also, session variables are server side, so the user can't see or manipulate them. (stackoverflow.com/questions/2430253/…)
I see. So how can I evaluate if this user is authorized? First I would match the user_name/password in the database. If I can match them, then I will start the session: SessionManager::sessionStart('InstallationName'). But how would I check if the session is authorized?
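
An added example, not part of the original thread and not PHPSessionManager's own code: it uses only PHP's built-in session functions to show the ordering raised in the comments (write to $_SESSION only after the session has been started) and one way to check on later requests that the session belongs to a logged-in user. The function names, the idle limit and the user record are assumptions made for illustration.

```php
<?php
// Added illustration built on PHP's native session API (PHP 7.3+ for the
// array form of session_set_cookie_params); all names here are hypothetical.
const IDLE_LIMIT = 900; // assumed: seconds of inactivity before login expires

function startSession(string $name): void
{
    session_name($name);
    session_set_cookie_params([
        'httponly' => true,   // cookie not readable from JavaScript
        'secure'   => true,   // cookie only sent over HTTPS
        'samesite' => 'Lax',
    ]);
    session_start();          // $_SESSION is loaded here; earlier writes are lost
}

function logIn(array $user, string $password): bool
{
    if (!password_verify($password, $user['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);   // fresh ID at login, old session data deleted
    $_SESSION['user_id']    = $user['id'];
    $_SESSION['first_name'] = $user['first_name'];
    $_SESSION['last_seen']  = time();
    return true;
}

function isAuthorized(): bool
{
    if (!isset($_SESSION['user_id'], $_SESSION['last_seen'])) {
        return false;              // never logged in during this session
    }
    if (time() - $_SESSION['last_seen'] > IDLE_LIMIT) {
        $_SESSION = [];            // idle too long: drop the login state
        session_destroy();
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}

// Constructed user record standing in for the database row.
$user = ['id' => 7, 'first_name' => 'Mike',
         'password_hash' => password_hash('correct horse', PASSWORD_DEFAULT)];

startSession('InstallationName');
$ok = logIn($user, 'correct horse');
echo $ok && isAuthorized() ? "Hello, {$_SESSION['first_name']}\n" : "Not logged in\n";
```

On every later request, call `startSession()` first and then `isAuthorized()` before serving protected content; the credentials are only checked once, at login.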