Home >Backend Development >PHP Tutorial >Use session instead of apache server verification_PHP tutorial

Use session instead of apache server verification_PHP tutorial

WBOYOriginal: 2016-07-13 17:21:06752browse

For pages that require authentication, it is best to use apache server authentication.
However, the interface of apache server verification is not friendly enough. Moreover, not all situations
can be verified using the apache server, such as php in cgi mode and php under iis.

Use session to save user identity between different pages, such as

if ($name=="" && $pass=="")
{
?>

}
else
{
if($name!="uuu" || $pass!="ppp")
{
echo "login fail!";
}
else
{
session_register("user");
session_register("passwd");
$user=$name;
$passwd =$pass;
echo "OK!
next page";
}
}

next.php

session_start();
echo "username:$user";
?>

However, users can use http://domain.name.com/next.php?user=uuu
to bypass authentication.

So, the actual next.php must be like this:
session_start();
if (!session_is_registered("user"))
{
echo "login fail";
}
else
{
echo "username:$user";
}
?>

Use session_is_registered() to detect session variables.
In this way, reliable authentication of identity has been basically achieved using session.

Statement：

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Previous article：8 Tips for PHP Scripting (1)_PHP TutorialNext article：8 Tips for PHP Scripting (1)_PHP Tutorial

See more

Use session instead of apache server verification_PHP tutorial

Related articles