I'm trying to learn user authentication while I'm building a small user login system.
I was wondering if I'm doing something right in regards to user authentication check with the my code below. Thanks for any input!
If(isset($_SESSION["UserID"])){
}else{
header("Location: page.php");
exit();
}
Or, doing something like this:
If(($_SESSION["UserID"] && $_SESSION["UserToken"])){
}else{
header("Location: page.php");
exit();
}
Token is created using bin2hex with the length the string length of the date.
Both appear to work fine. I just want to know if I'm doing this as intended or is there a better way?
Both look fine. Only thing is, that I am guessing you are previously setting those SESSION variables, when user types in his credentials into the login form and clicks on submit button?
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments