Right way to check if session is valid

Hello,

I am developing a custom service using Python + Django which interacts with a forum database. I need to verify whether a user's session is valid.

Right now I:
  1. Check for the 'xf_session' cookie.
  2. Check in the forum database whether the session exists.
  3. Check that the session isn't expired (expiry_date > current date).

If I pass all these steps then I assume that the user is logged in and I can do my stuff. It works as expected.

Could you please tell me if this approach is secure? I guess I need a few more verifications to prevent false logins, attacks and so on.

Thanks.
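
The three checks listed in the post, written out as an added example (not the poster's code and not the forum software's own code). It uses plain Python with an in-memory SQLite table in place of Django and the real forum database; the table name `forum_session`, the column `session_id`, the 32-hex-character ID format and the sample rows are assumptions constructed for the example.

```python
import re
import sqlite3
import time

# Assumed names: the post only gives the cookie name 'xf_session' and an
# expiry_date value; the table and column names below are placeholders.
SESSION_COOKIE = "xf_session"
SESSION_ID_RE = re.compile(r"[0-9a-f]{32}")  # assumed ID format: 32 hex chars


def check_session(cookies, db, now=None):
    """Return (True, "ok") or (False, reason) for the three checks in the post."""
    now = int(time.time()) if now is None else now

    # Step 1: the cookie must be present and look like a session ID.
    session_id = cookies.get(SESSION_COOKIE)
    if not session_id:
        return False, "no cookie"
    if not SESSION_ID_RE.fullmatch(session_id):
        return False, "malformed cookie"

    # Step 2: look the session up with a bound parameter, never by
    # formatting the cookie value into the SQL string.
    row = db.execute("SELECT expiry_date FROM forum_session WHERE session_id = ?",
                     (session_id,)).fetchone()
    if row is None:
        return False, "unknown session"

    # Step 3: expiry_date must be strictly later than the current time.
    if row[0] <= now:
        return False, "expired"
    return True, "ok"


def build_sample_db(now):
    """Constructed sample data: one live session and one expired session."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE forum_session (session_id TEXT PRIMARY KEY, expiry_date INTEGER)")
    db.executemany("INSERT INTO forum_session VALUES (?, ?)",
                   [("a" * 32, now + 3600), ("b" * 32, now - 60)])
    return db


if __name__ == "__main__":
    now = int(time.time())
    db = build_sample_db(now)
    for value in ("a" * 32, "b" * 32, "c" * 32, "not-a-session-id", ""):
        print(repr(value), check_session({SESSION_COOKIE: value}, db, now))
```

Returning a reason alongside the result lets the calling service log why a request was rejected without revealing the reason to the client.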
 