Is there any alternative way to session based user access control?

Asked Aug 10 '13 at 10:13

Active Aug 10 '13 at 10:34

Viewed 56 times

For my project I'm using session based access control to handle different type of users, is it secure? is there any other way to do same thing? This is my coding.

// Note : $_SESSION['role']==1 refer to Admin and ['role']==3 refer to staff 

session_start();
if(!empty($_SESSION['cur_user'])&&($_SESSION['role']==1) || ($_SESSION['role']==3)  )
{
   //if user login details is correct .. doing some stuff         
?>

<!-- Website Content-->

<?php
}

else{
    unset($_SESSION['cur_user']);
    session_destroy();
    header ("location:login.php");
}

?>

edited Aug 10 '13 at 10:34

Patrick Kostjens

5,065
6
29
46

asked Aug 10 '13 at 10:13

YathuGulan

session is secure than a cookie based system – DevZer0 Aug 10 '13 at 10:14
u can run your sessions through mysql, this is a great alternative because you can run the session through multiple servers – David Ericsson Aug 10 '13 at 10:29

Is there any alternative way to session based user access control?

0 Answers0