Commented out Code
You should remove code that is commented out. If you think that you might need it in the future, think about using version control.
set_session_id()
This is only called in your commented out code. Does the user have to call it manually? If they don't, get_session_id() will return a wrong result. Maybe rewrite it like this (you don't seem to be using the field $sessionID, so you might as well get rid of it):
public function get_session_id(){
    return session_id();
}
if-else and session_exist
If you have code like this:
if( isset($_SESSION[$session_name]) ){
    return true;
}
else{
    return false;
}
you can rewrite it like this:
return isset($_SESSION[$session_name]);
Also, when you define a function like this, then use it. Instead of
if( !isset($_SESSION[$session_name]) ){
write
if( !session_exist($session_name) ){
XSS
Using Session for XSS might be a possibility, depending on how your code is used. So in display_session I would clean the session with htmlentities to prevent XSS attacks.
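The escaping suggested for display_session, as an added example that is not part of the original answer or the reviewed class. The original display_session is not shown on this page, so its signature and output format here, the helper name esc_html_value, and the sample data are assumptions.

```php
<?php
// Added example: hypothetical stand-in for the reviewed display_session.

/** Escape a scalar for an HTML text or quoted-attribute context. */
function esc_html_value($value): string
{
    // ENT_QUOTES escapes both ' and "; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlentities((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render session data as a nested HTML list, escaping keys and values. */
function display_session(array $session): string
{
    $html = "<ul>\n";
    foreach ($session as $key => $value) {
        // Keys can be attacker-influenced too, so they are escaped as well.
        $html .= '<li>' . esc_html_value($key) . ': ';
        if (is_array($value)) {
            // Nested arrays are rendered recursively with the same escaping.
            $html .= display_session($value);
        } elseif (is_scalar($value) || $value === null) {
            $html .= esc_html_value($value);
        } else {
            // Objects and resources: show only the type, never raw content.
            $html .= esc_html_value('[' . gettype($value) . ']');
        }
        $html .= "</li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed sample data standing in for $_SESSION.
$sample = [
    'username' => '<script>alert(1)</script>',
    'prefs'    => ['theme' => '" onmouseover="x'],
];
echo display_session($sample);
```

Escaping happens at output time, so the session keeps the original values and each output context can apply its own encoding.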