Question

I'm currently experimenting with HybridAuth for my signup/login system. After a user has authenticated successfully, I store the user id in the session $_SESSION['user'] = $user_id. I also store all the other data that HybridAuth can give me about a user in a database for later use.

Then when I need to check whether the user is logged in, I can run the following:

if(isset($_SESSION['user_id']))

And then maybe something like the following to ensure that the logged in user can perform an action (e.g. delete comment):

if ( $_SESSION['user_id'] == $comment_user ) {
    //User owns the comment, go ahead and delete it.
    ...
}

  1. Isn't this sort of thing enough?
  2. What is the point of all the $_SESSION data generated by HybridAuth?
  3. Would it be better to unset it all to save memory?
  4. How have others used this data?

Solution

Using $_SESSION that way is OK, but what happens when the $_SESSION expires? Do you reauthorize?

We store the HybridAuth authorization info in MySQL and use it later to access the social media profile, post to the timeline and such.
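
A login and ownership check that also covers the session-expiry case the answer raises, as an added example (not part of the original post or of HybridAuth). The constant names, the `last_seen` key and the 30-minute idle timeout are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: all names and the timeout value below are assumptions.
const SESSION_USER_KEY = 'user_id';  // one key used for both writing and reading
const IDLE_TIMEOUT     = 1800;       // assumed policy: 30 minutes of inactivity

// Call once, right after the provider reports a successful authentication.
function login_user(array &$session, int $userId, int $now): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session ID when privileges change
    }
    $session[SESSION_USER_KEY] = $userId;
    $session['last_seen']      = $now;
}

// Returns the logged-in user's ID, or null when absent or idle for too long.
function current_user_id(array &$session, int $now): ?int
{
    if (!isset($session[SESSION_USER_KEY], $session['last_seen'])) {
        return null;
    }
    if ($now - $session['last_seen'] > IDLE_TIMEOUT) {
        // Expired: drop the login state so the caller must re-authenticate.
        unset($session[SESSION_USER_KEY], $session['last_seen']);
        return null;
    }
    $session['last_seen'] = $now;    // sliding expiry window
    return (int) $session[SESSION_USER_KEY];
}

// Ownership check with a strict, typed comparison.
function can_delete_comment(array &$session, int $commentOwnerId, int $now): bool
{
    $userId = current_user_id($session, $now);
    return $userId !== null && $userId === $commentOwnerId;
}

// Constructed demo values; in a web request pass $_SESSION and time().
$session = [];
login_user($session, 42, 1000);
var_dump(can_delete_comment($session, 42, 1500)); // owner, session still fresh
var_dump(can_delete_comment($session, 7, 1600));  // another user's comment
var_dump(can_delete_comment($session, 42, 1600 + IDLE_TIMEOUT + 1)); // idle too long
```

The comment owner ID passed in should come from the database row for the comment being deleted, never from request parameters.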

License: CC-BY-SA with attribution
Not affiliated with StackOverflow