Is it safe this method of implementation the users?
Quietly studying PHP and all that it involves.
Implemented the following authorization:
1. Hooked authorization via Steam
2. During login, if the user is not in the database, he added. If he is, then starts a session: $_SESSION['username'] = user id.
3. When clicking on "Exit" works unset($_SESSION['username']);
Safe whether this implementation?
In fact the input (login and password) on the steam website, and the site only receives a success or not. Can we ask the session of another user?
depends on what the script is invoked, As it will be hard to find and if there is a signature that the request is really from steam(if they check?))
Jeffrey_West answered on June 10th 19 at 15:46
User authorization API via Steam de-facto no harm can not bring. The API functionality does not allow to do something serious with your account, in addition to receiving information about the user in General and so public. As to whether another user to connect to someone else's session, you certainly can, if it is to know cookie. But how does he know them?