For all of my projects I use CodeIgniter as my framework. I always use sessions in order to store things like user_string and user_permissions to determine who can access certain functions and pages within the site.
Is it bad practice to use the session->userdata as a basis to provide a user unique content?
I usually set a user an array of userdata when they login, like so:
    $data = array('id' => $user_string,
                  'g'  => $user_group);
    $this->session->set_userdata($data);
When I'm determining what results they get for a query I might do the following:
    function get_posts(){
        if( $this->session->userdata('g') == 2 ){
            $data = $this->db->get_where('posts', array('' => $this->session->userdata('id') ) )->result_array();
            return $data;
        }
    }
Is this code vulnerable because of the session->userdata('id') and session->userdata('g')?
Any comment is greatly appreciated.
Just do one thing:
Save your key in application/config/config.php: open the file and set

    $config['encryption_key'] = "YOUR KEY";

Then, when storing the data:

    $this->load->library('encrypt');
    // Encrypt each value before it is placed in the session
    $data = array('id' => $this->encrypt->encode($user_string),
                  'g'  => $this->encrypt->encode($user_group),
    );
    $this->session->set_userdata($data);
When getting the data:

    function get_posts(){
        // 'g' was stored encrypted, so decode it before comparing
        $g = $this->encrypt->decode($this->session->userdata('g'));
        if( $g == 2 ){
            $id = $this->encrypt->decode($this->session->userdata('id'));
            $data = $this->db->get_where('posts', array('' => $id ) )->result_array();
            return $data;
        }
    }
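Whether the userdata('g') == 2 check can be trusted depends on whether a client can alter the stored values without detection. The following is an added example, not code from the question, the answer or CodeIgniter: it assumes session data is held in a client-side cookie and shows an HMAC integrity check rejecting an edited group value. The function names, key and sample values are hypothetical.

```php
<?php
// Added illustration; not CodeIgniter's session code. All names are hypothetical.

const SESSION_KEY = 'constructed-demo-key'; // assumption: secret known only to the server

// Serialize the session array and append an HMAC so the server can detect edits.
function sign_session(array $data, string $key): string
{
    $payload = base64_encode(json_encode($data));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the session array only if the MAC matches; otherwise null.
function verify_session(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // hash_equals compares in constant time, avoiding a timing side channel.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $json = base64_decode($payload, true);
    $data = $json === false ? null : json_decode($json, true);
    return is_array($data) ? $data : null;
}

// The authorization gate from the question: only group 2 may read posts.
function may_read_posts(?array $session): bool
{
    return $session !== null && ($session['g'] ?? null) === 2;
}

// Constructed sample: the server issues a cookie for a user in group 1.
$cookie = sign_session(['id' => 'user-42', 'g' => 1], SESSION_KEY);
var_dump(may_read_posts(verify_session($cookie, SESSION_KEY)));

// The payload is edited to claim group 2 while the old MAC is reused.
[, $mac] = explode('.', $cookie);
$edited = base64_encode(json_encode(['id' => 'user-42', 'g' => 2])) . '.' . $mac;
var_dump(verify_session($edited, SESSION_KEY));
var_dump(may_read_posts(verify_session($edited, SESSION_KEY)));
```

Keeping the session contents on the server and giving the client only a random session identifier removes the need for the client to hold these values at all.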