is there a way to work with sessions or cookies without a database?


Hi, I need to create a simple login form. I'm supposed to work without a database, and once the login accepts me, I redirect to the home.php page, but you can not directly access home.php . But they told me that it had to be done without a database, which does not fit me, since I know how to control the sessions with php, because I work with a database, but in this case I should not implement it. Any ideas?

asked by Raphael 16.10.2016 в 01:34

3 answers


The database is used as a data repository. Any other form of repository can serve. A .txt or a .json are useful enough. For example you can have keys.json

 { "pepe": "xkdkasdfjasdfsfasdf3234asfd",
   "claudia": "jasfasa39939d98asv88hz8d8f"

And instead of searching the database, look in the .json file

 $claves_json = file_get_contents("claves.json");
 $claves = json_decode($claves);
 //... obtener del cliente $usuario y $clave luego:
 if($clave == md5($claves[$usuario])){
     // ok, entrda correcta
     // mal, 


Never flat key stores in a database or in a txt. We must try to maintain the privacy of the user. Many people use the same key for many sites, saving the key without hashing (for example with md5) can be a security problem if someone hacks the site and takes the database or the key file.

answered by 16.10.2016 / 02:05

As you have been told, never save passwords in plain text, but I also do not recommend md5 since there are thousands of "translators" of md5, used in php hash

* En este caso, queremos aumentar el coste predeterminado de BCRYPT a 12.
* Observe que también cambiamos a BCRYPT, que tendrá siempre 60 caracteres.
$opciones = [
  'cost' => 12,
echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $opciones)."\n";

source: link

answered by 17.10.2016 в 09:14

The login form, when sent, can go to an intermediate file, for example door.php, which has no screen output. In this file you receive the data of the form and you compare them with the user and password strings that must be right there in the door.php. If they match, you make a header location to home.php. If they do not match, you can return it with another header location to the form with a message. To secure the home.php file you can do a lot of things, such as requiring a session variable that was created in the door.php, or a conditional that makes if the home.php does not have a referral (a page that called it), destroy the session and send it to the login.

answered by 18.10.2016 в 19:26