1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Right way to check if session is valid

Discussion in 'XenForo Development Discussions' started by ghostwolfling, Jan 7, 2016.

Tags:
  1. ghostwolfling

    ghostwolfling Member

    Hello,

    I am developing a custom service using python + django which interacts with a forum database. I need to verify if user session is valid.

    Right now I:
    1. Check for 'xf_session' cookie.
    2. Check in a forum database if the session exists.
    3. Check if the session isn't expired (expiry_date > current date).
    If I pass all these steps then I assume that user is logged in and I can do my stuff. It works as expected.

    Could you tell me please if this approach is secure? Guess I need a few more verifications to prevent false logins, attacks and so on.

    Thanks.
     
    Last edited: Jan 7, 2016

Share This Page