Tracking and Using Login State on the Server

The client-side session object cannot be depended upon to restrict access to sensitive data on the server. Its purpose, as described in the preceding section, is to keep track of the state of the client. The server-side session is responsible for tracking the state of the application on the server and can therefore be used to control user access.
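The server-side check described above, as an added example that is not code from the book: a single PHP endpoint that records the login in `$_SESSION` and refuses every other Ajax request without it. The in-memory `$users` array, the `field()` helper, and the `action`, `user` and `password` field names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Constructed sample credential store; a real application would query its database.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

function field(string $key): string   // hypothetical helper: accept only scalar strings
{
    $v = $_POST[$key] ?? '';
    return is_string($v) ? $v : '';
}

function login(array $users, string $name, string $password): bool
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    session_regenerate_id(true);   // issue a new session ID at login to prevent fixation
    $_SESSION['user'] = $name;     // kept on the server; the browser holds only the ID
    return true;
}

session_start([
    'cookie_httponly' => true,     // session cookie is not readable from page scripts
    'cookie_samesite' => 'Lax',
    'use_strict_mode' => true,     // reject session IDs the server did not issue
]);
header('Content-Type: application/json');

if (field('action') === 'login') {
    $ok = login($users, field('user'), field('password'));
    http_response_code($ok ? 200 : 401);
    echo json_encode(['loggedIn' => $ok]);
    exit;
}

// Every other request is authorized from the server-side session, not from client state.
if (!isset($_SESSION['user'])) {
    http_response_code(401);
    echo json_encode(['error' => 'login required']);
    exit;
}
echo json_encode(['user' => $_SESSION['user'], 'data' => 'protected rows go here']);
```

The client-side code can use the 401 response to show its login form, but the decision to release data is made only by the check against `$_SESSION`.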


FIGURE 10-2. The bad login message being displayed to the user

PHP was designed for web applications from the start. Because sessions had already been implemented in other languages such as Perl and Java, it was natural to implement them in PHP as well. ...
