Naming your sessions

In PHP, when you store a value in the session, give the key a name that is unique and not the same as any variable name you use in your code.

For example if you create a session like this:

$_SESSION['username'] = $username;

The session value can then be overwritten by the plain variable $username. A common example is a page that lists users: a query pulls every username out of the database and the loop assigns each one to $username, so the last username in the loop ends up in the session. The session now says the visitor is the last user in the list, and every later check on that value treats the request as that user, which is a serious security vulnerability. Note that this clash only happens when PHP ties session keys to global variables, that is, with register_globals enabled (deprecated in PHP 5.3 and removed in 5.4); with it disabled, $username and $_SESSION['username'] are separate. If you are on a PHP version that still has the setting, turn it off, and treat the naming rule below as a safety net rather than the fix.

To avoid this, make the session key unique from every variable name used throughout the site, for example:

$_SESSION['loggedin'] = $username;

This makes sure the session value won't be overwritten by an unrelated loop variable, and it will save you hours of trying to find out what's going wrong.
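The clash described above, and the hardened version, as an added example (this is not code from the original post). It assumes a PDO connection in $pdo and a `users` table with `id` and `username` columns; both are placeholders for the example.

```php
<?php
// Added example, not from the original post.
// The clash only exists when PHP aliases session keys to global variables,
// i.e. register_globals=On (removed in PHP 5.4): then the global $username
// and $_SESSION['username'] are the same variable.
// Assumptions: $pdo is a PDO connection and the `users` table has columns
// `id` and `username` (placeholders for this example).

session_start();

// 1. Refuse to run with register_globals on. The key rename further down is
//    only a safety net for that setting, not a substitute for turning it off.
//    On PHP >= 5.4 the directive no longer exists and ini_get() returns false.
if (ini_get('register_globals')) {
    http_response_code(500);
    exit('register_globals must be disabled');
}

// 2. One constant for the session key, named so that no variable in the
//    code base will ever be called the same thing.
const SESSION_AUTH_USER_ID = 'auth_user_id';

// --- Vulnerable pattern ---------------------------------------------------
// With register_globals on, $username *is* $_SESSION['username'], so this
// listing leaves the session pointing at whichever user came last.
function vulnerable_listing(PDO $pdo): void
{
    $_SESSION['username'] = 'alice';           // the user who actually logged in

    $rows = $pdo->query('SELECT username FROM users ORDER BY username');
    foreach ($rows as $row) {
        $username = $row['username'];          // clobbers the session under aliasing
        echo htmlspecialchars($username), "\n";
    }
    // $_SESSION['username'] now holds the last row, not 'alice'
}

// --- Hardened pattern -----------------------------------------------------
function login_user(int $userId): void
{
    session_regenerate_id(true);               // new session id on privilege change
    $_SESSION[SESSION_AUTH_USER_ID] = $userId; // store the id, not a display name
}

function current_user_id(): ?int
{
    return isset($_SESSION[SESSION_AUTH_USER_ID])
        ? (int) $_SESSION[SESSION_AUTH_USER_ID]
        : null;
}

function safe_listing(PDO $pdo): void
{
    $rows = $pdo->query('SELECT username FROM users ORDER BY username');
    foreach ($rows as $row) {
        $username = $row['username'];          // no session key is named 'username'
        echo htmlspecialchars($username), "\n";
    }
    // current_user_id() is unchanged by the loop, with or without aliasing
}
```

Storing the numeric user id under a key such as auth_user_id, rather than a username under a key that is also a natural variable name, means the logged-in identity can only change through login_user(), and every page reads it through current_user_id() instead of retyping the key.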

David Carr

For the past 12 years, I’ve been developing applications for the web using mostly PHP. I do this for a living and love what I do as every day there is something new and exciting to learn.

In my spare time, the web development community is a big part of my life. Whether managing online programming groups and blogs or attending a conference, I find keeping involved helps me stay up to date. This is also my chance to give back to the community that helped me get started, a place I am proud to be a part of.

Besides programming I love spending time with friends and family and can often be found together going out catching the latest movie, staying in playing games on the sofa or planning a trip to someplace I’ve never been before.