How to Secure an Admin Panel in PHP Without Sessions
Admin panels created in the PHP language typically use sessions to store a username and password values after the user logs in. To secure an admin area without sessions, you can use cookies. Cookies store the username for the user account, so you know the user is logged in. After the user logs out, you delete the cookie. You detect whether the cookie is present before allowing the user to access the admin panel.
Other People Are Reading
Instructions
-
-
1
Right-click the logon processing page for your admin access panel. Click "Open With" and select your preferred PHP file.
-
2
Add the code to create a cookie for the logon process. The following PHP code creates a cookie file with the user's logon:
setcookie("user", "Alex Porter", time()+3600);
Change the "3600" parameter to the number of seconds you want to set up for the login period. In this example, the user stays logged in for an hour.
-
-
3
Save the PHP source code file and open the file that processes the logout feature in the admin panel.
-
4
Delete the cookie, which logs out the user. The following code deletes the cookie from the user's computer:
setcookie("user", "", time()-3600);
This function clears the cookie's value and sets the expiration time to a past time setting. This causes the browser to delete the file from the user's computer.
-
5
Save the logout file and open the admin panel and log in to test your new admin panel security code.
-
1
Tips & Warnings
Avoid storing the password in the cookie settings in case your user's computer gets hacked or stolen.
