TAG TAG - 21 days ago 10
PHP Question

User login authentication

I'm trying to learn user authentication while I'm building a small user login system.

I was wondering if I'm doing something right in regards to user authentication check with the my code below. Thanks for any input!

If(isset($_SESSION["UserID"])){

}else{

header("Location: page.php");

}


Or, doing something like this:

If(($_SESSION["UserID"] && $_SESSION["UserToken"])){

}else{

header("Location: page.php");

}


Token is created using bin2hex with the length the string length of the date.

Both appear to work fine. I just want to know if I'm doing this as intended or is there a better way?

Answer

Both look fine. Only thing is, that I am guessing you are previously setting those SESSION variables, when user types in his credentials into the login form and clicks on submit button?