Hello,
I want to use a MySQL Heap table (server load isn't an issue) for session management considering that I use a shared server and don't want anyone who has access to /tmp to be able to read session data and possibly hijack a session.
I've got no clue how to use a table for session management.
I've started off by creating a table that will store the following:
Session ID (will create this using dechex with a random number)
Username (unique)
User Type
Session Creation Date/Time
I'm used to using PHP's $_SESSION variable. How would I go about replacing this with the DB session management?
Also:
Every time a page is requested how would I track a PC to know if a user has logged in or not? I could use an IP but then some ISP's assign a unique IP every time a new page is loaded.
What other methods are there or have I totally gotten the session management using a DB concept wrong?
Any suggestions/tips well appreciated.
Thanks,
rug