IT350: Web & Internet Programming Set 16: Sessions Logging In - - PDF document




IT350: Web & Internet Programming

Set 16: Sessions

Logging In Correctly


Logging In Correctly

  • Unique session IDs identify your client
  • No other client who has connected to the website should have the same ID
  • With proper encryption, nobody else knows your ID.

Authentication

  • Get username/password from user
  • Check in file/db that correct combination
    – Never store plain text passwords
      • Hash
      • Salt
      • Iterate hashing
  • Set session variable
  • Later see if session variable is set – if yes, it means “authenticated” user


Sessions in PHP - Create

    session_start();
    $_SESSION['username'] = 'test';

Sessions in PHP – Read and Delete

    session_start();
    if (isset($_SESSION['username']))
        $user = $_SESSION['username'];
    unset($_SESSION['username']);
    session_destroy();
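The following is an added example, not code from the slides or from the course's login.php: one minimal login/check/logout flow that puts the "Authentication" slide and the "Create / Read and Delete" snippets together. The user store is a constructed in-memory array (a real site reads the stored hash from a file or database), the form field names are assumptions, and PHP's built-in password_hash()/password_verify() stand in for hand-written hash, salt and iteration code.

```php
<?php
// Added example, not from the slides: login, "am I logged in?", and logout
// following the rules on the Authentication and Sessions-in-PHP slides.
// The user store below is a constructed in-memory array.
declare(strict_types=1);

// Done once at sign-up: never store the password, store password_hash()'s
// output. PASSWORD_DEFAULT (bcrypt) generates a random salt and iterates
// the hash (cost 10 by default), so "hash", "salt" and "iterate hashing"
// are all covered by this one call.
function make_stored_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Constructed sample store: username => stored hash (no plain text kept).
$users = [
    'test' => make_stored_hash('correct horse battery staple'),
];

// Hash of a throwaway value, so an unknown username still costs one
// password_verify(); otherwise the response time reveals which usernames exist.
$dummy_hash = make_stored_hash('unused');

// "Check in file/db that correct combination"
function check_credentials(array $users, string $dummy_hash, string $username, string $password): bool
{
    $known = isset($users[$username]);
    $hash  = $known ? $users[$username] : $dummy_hash;
    return password_verify($password, $hash) && $known;
}

// "Set session variable". The id is regenerated first, so an id the client
// already held before authenticating (possibly handed to it by someone
// else: session fixation) never becomes an authenticated one.
function login(array $users, string $dummy_hash, string $username, string $password): bool
{
    if (!check_credentials($users, $dummy_hash, $username, $password)) {
        return false;
    }
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
    return true;
}

// "Later see if session variable is set": null means not authenticated.
function current_user(): ?string
{
    return $_SESSION['username'] ?? null;
}

// "Read and Delete" slide: clear the variable, then destroy the server-side session.
function logout(): void
{
    unset($_SESSION['username']);
    session_destroy();
}

// Usage, e.g. in login.php (form field names 'username'/'password' are assumptions):
session_start();
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    $ok = login($users, $dummy_hash, $_POST['username'] ?? '', $_POST['password'] ?? '');
    echo $ok ? 'Welcome, ' . htmlspecialchars((string) current_user()) : 'Login failed';
}
```

Every other page only needs session_start() followed by a current_user() check; a null return means redirect to login.php. Because password_hash() embeds the salt and cost in the stored string, password_verify() needs no extra parameters, and password_needs_rehash() lets you raise the cost later without asking users to reset passwords.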


Session management

  • Session token should be random
    – session_id() gives you the id of the session
  • Cookie
    – No expiration date set - so expires at end of browsing session
    – secure – only send over https
    – HttpOnly – cannot be accessed from JS
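As an added example (not from the slides): a session start-up function that applies the cookie rules above before session_start(). It assumes PHP 7.3 or later (for the array form of session_set_cookie_params()) and that it is called before any output, for instance from a file every page includes.

```php
<?php
// Added example, not from the slides: configure the session cookie the way
// the "Session management" slide asks before starting the session.
declare(strict_types=1);

function start_secure_session(): void
{
    // Reject ids the client made up: PHP then only honours ids it generated
    // itself, so the token is always one of its own random ones.
    ini_set('session.use_strict_mode', '1');
    // Keep the token in the cookie only, never in URLs (where it would leak
    // through Referer headers and server logs).
    ini_set('session.use_only_cookies', '1');

    session_set_cookie_params([
        'lifetime' => 0,       // no expiration date: cookie dies with the browsing session
        'path'     => '/',
        'domain'   => '',      // current host only
        'secure'   => true,    // only sent over https
        'httponly' => true,    // not readable from document.cookie in JS
        'samesite' => 'Lax',   // not on the slide: also limits cross-site sending
    ]);

    session_start();
}

// With PHP's built-in defaults (no php.ini overrides) the session cookie is sent as
//   Set-Cookie: PHPSESSID=<id>; path=/
// i.e. without the secure and HttpOnly flags; after start_secure_session() it is
//   Set-Cookie: PHPSESSID=<id>; path=/; secure; HttpOnly; SameSite=Lax

start_secure_session();
// session_id() returns the random token PHP generated for this client.
$token = session_id();
```

To check the result, look at the Set-Cookie header in the browser's network tab (or with curl -I against the page): both flags must appear, and the cookie must carry no Expires/Max-Age attribute. The secure flag only helps if the whole site is served over https, since a cookie set over http can be read off the wire before the flag is ever applied.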

Exercise

Look at login.php and read.php on the calendar and mope. Edit your team’s login PHP to use sessions. If you don’t have a login yet, make it!