May 9, 2012

PHP OOP: Job of Authenticator Class to retrieve current user via session?

Question by christian

I’m in the process of reorganizing an application.

At the start of my application I need an object to be initialized to represent the current user. I am planning an authentication class to handle logging in and logging out, and I am wondering if the initial session variable check for user id and database retrieval would be appropriate for this class as well or if there is a standard protocol?

Thanks

Answer by Starx

Well, of course. Checking the session variables for the user id first is the right thing to do.

No matter what kind of authentication you use, at some point you have to check whether someone is already logged in or not. It is not even that complicated. For the simplest use:

if (isset($_SESSION['logged_status']) && $_SESSION['logged_status'] == 1) {
    $this->logged = true;
}

However, the database retrieval part as a session variable is not as secure as you want it to be. Although, cached records can be stored in the session without any risk.

Author: Nabin Nepal (Starx)
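
An added example, not part of the original question or answer: a minimal Authenticator that keeps only the user id in the session and re-reads the user row from the database on each request. The class shape, the `users` table and its columns, and the `user_id` session key are assumptions.

```php
<?php
declare(strict_types=1);
// Added example (PHP 8+). Table, column and session key names are assumptions.
final class Authenticator
{
    private ?array $user = null;

    public function __construct(private PDO $db) {}

    public function login(string $email, string $password): bool
    {
        $stmt = $this->db->prepare('SELECT id, password_hash FROM users WHERE email = ?');
        $stmt->execute([$email]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if (!$row || !password_verify($password, $row['password_hash'])) {
            return false;
        }
        session_regenerate_id(true);             // fresh id at login blocks session fixation
        $_SESSION['user_id'] = (int) $row['id']; // store the id only, never the user record
        return true;
    }

    public function currentUser(): ?array
    {
        if ($this->user === null && isset($_SESSION['user_id'])) {
            // Re-read the row on each request so a disabled account loses access at once.
            $stmt = $this->db->prepare('SELECT id, email, role FROM users WHERE id = ? AND active = 1');
            $stmt->execute([$_SESSION['user_id']]);
            $this->user = $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
            if ($this->user === null) {
                unset($_SESSION['user_id']);     // stale id: treat as logged out
            }
        }
        return $this->user;
    }
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT, role TEXT, active INTEGER)');
$db->prepare('INSERT INTO users VALUES (1, ?, ?, ?, 1)')
   ->execute(['alice@example.test', password_hash('correct horse', PASSWORD_DEFAULT), 'editor']);

session_start();
$auth = new Authenticator($db);
$ok = $auth->login('alice@example.test', 'correct horse');
$db->exec('UPDATE users SET active = 0 WHERE id = 1');   // admin disables the account
$after = (new Authenticator($db))->currentUser();        // simulates the next request
var_dump($ok, $after);
```

Run it from the command line with the pdo_sqlite extension enabled; the second `Authenticator` instance stands in for a later request that sees the same session but a disabled account.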
