Hi anyone.
Well, I have an authentication class. When the user gets authenticated, the script updates the field cookieSessionUid in my DB with a random value, then I set a cookie and a session with this value, and a cookie with the userId.
When I check if the user is authenticated I use a query like this:
// Cookie values are passed as bound parameters instead of being concatenated into the SQL
$query = "SELECT
$this->idField, $this->cookieUidField, $this->privField
FROM
$this->UsersTable
WHERE
$this->idField = ? AND $this->cookieUidField = ?";
$result = $this->__DB->Execute($query, array($_COOKIE['UserId'], $_COOKIE['cookieUid']))
    or die("Error in query: $query. " . $this->__DB->ErrorMsg());
if ($result->RecordCount() !== 0)
{
    // good user
    $row = $result->FetchNextObject();
}
I'm wondering whether I would enhance the security of the script if I made a check like this:
if($row->COOKIEUID === $_SESSION['Uid'])
{
//good user
}
That's all.
I'm awaiting your reply 😃
Take care.
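
The check described in the post, written out end to end as an added example (not the poster's code). It uses PDO with an in-memory SQLite database in place of the post's ADOdb object; the table and column names (`users`, `id`, `cookie_uid`), the function name `isAuthenticated` and all sample values are assumptions constructed for the demonstration.

```php
<?php
// Added example: names and sample data are constructed, not from the post.
function isAuthenticated(PDO $db, array $cookie, array $session): bool
{
    // Cookies are client-controlled: accept only plain strings, numeric id.
    $userId = $cookie['UserId'] ?? null;
    $token  = $cookie['cookieUid'] ?? null;
    if (!is_string($userId) || !is_string($token) || !ctype_digit($userId)) {
        return false;
    }
    // Bound parameter: cookie content never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT cookie_uid FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $stored = $stmt->fetchColumn();
    if (!is_string($stored) || $stored === '') {
        return false;                       // unknown user or no active login
    }
    // Cookie value must match the database value (constant-time compare).
    if (!hash_equals($stored, $token)) {
        return false;
    }
    // The extra check from the post: the same value must also be in the
    // server-side session, which the client cannot write to directly.
    $sessionUid = $session['Uid'] ?? null;
    return is_string($sessionUid) && hash_equals($stored, $sessionUid);
}

// --- constructed demo data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, cookie_uid TEXT)');
$token = bin2hex(random_bytes(16));         // random value written at login
$db->prepare('INSERT INTO users VALUES (1, ?)')->execute([$token]);

$good  = ['UserId' => '1', 'cookieUid' => $token];
$cases = [
    'cookie and session match'  => [$good, ['Uid' => $token]],
    'cookie only, empty session' => [$good, []],
    'wrong cookie value'        => [['UserId' => '1', 'cookieUid' => 'abc'], ['Uid' => $token]],
    'non-numeric user id'       => [['UserId' => "1'x", 'cookieUid' => $token], ['Uid' => $token]],
];
foreach ($cases as $label => [$cookie, $session]) {
    $verdict = isAuthenticated($db, $cookie, $session) ? 'accepted' : 'rejected';
    printf("%-28s %s\n", $label, $verdict);
}
```

Only the first case is accepted; the second shows what the session comparison adds, since cookies presented without a server-side session holding the same value are rejected.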