Considerations when php uses session for customer verification

Assume that your php. register_globalsOn in ini, all post, get, cookie, and session variables with the same name will be mixed together. you can use $ HTTP _ * _ VARS [username] to determine the variable you want. however, even if the name is the same. variables_orderGPCS in ini are also

Assume that your php. in ini, register_globals = On, all post, get, cookie, and session variables with the same name will be mixed together, you can use $ HTTP _ * _ VARS ['username'] to determine the variable you want.

However, even if the name is the same. in ini, variables_order = 'gpcs 'is determined based on the priority level. values with low levels cannot be washed out. therefore, it is wise to use session_register ('Username') at the beginning. you can also use session_is_registered to determine whether the variable has been registered.

This is an example:

If (! Session_is_registered ('Username ')){
$ User_name = '';
Session_register ('Username ');
}

At the same time, make sure that in your php. ini, variables_order = 'gpcs '(default) S indicates that the session should be placed at the end, with priority.

Register_globals = On is a waste of system resources and is disabled in the optimization configuration. This avoids the so-called vulnerability.