Session Based Authentication - Session Hijacking & Fixation

Session Based Authentication - Session Hijacking & Fixation - Build Expense Tracker App With PHP 8

Рет қаралды 8,569

Program With Gio

Күн бұрын

Пікірлер: 31

@brazenbull36 2 жыл бұрын

I've moved to python recently and found your channel. Just can't believe you are giving out these for free!

@ProgramWithGio 2 жыл бұрын

PHP is great & I want to make sure there is a full tutorial on it available for free for everyone who wants to learn it. By full I mean starting all the way from the beginning & build all the way up to make an application in PHP & deploy it. That is why it is a very long playlist with over 100 videos.

@Zubbee 2 жыл бұрын

Me too. It still baffles me that this is for free.

@martinnyagah4313 2 жыл бұрын

Program with Gio is a rare kind. ❤

@toy_woody 2 жыл бұрын

I love you George! Keep going, you are awesome!

@ProgramWithGio 2 жыл бұрын

Love you back buddy, thank you 🙌

@mibSuperStar Жыл бұрын

Hi. It's look like you didn't use Validator in logIn method. Validator have been created, but function validate isn't being called and ValidateException isn't being throwned

@ProgramWithGio 11 ай бұрын

Yes, you are right. We refactor that later on & we do call the validate on it afterwards

@benderbg 2 ай бұрын

16:59 This code smells but it's the smell of success! That's the best kind of smell 😎

@ProgramWithGio 2 ай бұрын

I like the smell of success :)

@Zubbee 2 жыл бұрын

Hi Gio this is more advanced stuff. We've really come along way. I checked out my cookies on youtube and they were many! and I did see some those http only and secure options. I may need to re-watch the earlier videos. I must have missed something. Also I'm yet to grab working with twig but like you said, I'll concentrate on php first. Thanks Gio

@ProgramWithGio 2 жыл бұрын

Yup, authentication in general is a bit complicated subject, a lot of pieces to the puzzle. But it's also one of the most important subjects & allows us to learn more about security.

@-Edijs Жыл бұрын

What is your usual approach with http status codes - do you use constants from something like symfony/http-foundation/Response? Currently we are hard coding integers which might be a bit ambigous.

@ProgramWithGio Жыл бұрын

Depends on the size of the app but usually it's just hardcoded integers

@Zubbee 2 жыл бұрын

Cool! Like clockwork. Thanks Gio

@ProgramWithGio 2 жыл бұрын

You're welcome 💙

@aerohcss Ай бұрын

In my browser Session ID changes itself after every log in but i guess it's better to force regenerate it

@ProgramWithGio Ай бұрын

👍

@gerasimos-dimitriostheotok7071 2 жыл бұрын

Lovely tut Gio! I have 2 questions: 1) According to Slim docs, a middleware is callable. How do you achieve to pass a class in the route without instantiating it and without using an __invoke() magic method? I'm mostly asking cause i cannot find this in the docs. Actually your approach looks even better to me since you are implementing directly the PSR interfaces. I just want to understand how it works. 2) In your middleware, in which way the ResponseFactoryInterface is resolved?

@ProgramWithGio 2 жыл бұрын

Thank you. So for middleware if you inspect the add method you will see that it checks if the given class is instance of middlewareinterface, if it is then it calls process method, if its a callable it handles that as well & it also has the check if the given argument is a string which is the case for examples in this video. If its a string it then attempts to resolve the class. So its taken care of by the add method. About the ResponseFactoryInterface its resolved via container, we added that in one of the previous lessons and bound the interface to concrete implementation so when we inject the interface in constructor container knows how to auto resolve it to the correct class.

@gerasimos-dimitriostheotok7071 2 жыл бұрын

@@ProgramWithGio That’s awesome Gio! Thanks a lot for the response and keep up the good work ❤️

@karlson2804 2 жыл бұрын

Hi Gio, will be playlist about laravel 9 ?

@ProgramWithGio 2 жыл бұрын

By the time I make Laravel playlist it might be about Laravel 10 or 11 🙂. We'll see

@memack101 2 жыл бұрын

Thank you.

@ProgramWithGio 2 жыл бұрын

You're welcome

@FGj-xj7rd 2 жыл бұрын

Long live Laravel auth 😅

@ProgramWithGio 2 жыл бұрын

😂 yup, Laravel provides Auth & many other things out of the box which speeds up development by alot

@illegalsmirf 2 жыл бұрын

So, it seems like the best thing to do - if you're developing on PHP - is to use an existing framework, rather than write stuff from scratch? Plus, don't you always need to implement huge amounts of JavaScript no matter what? Might be just as well to do everything in JavaScript.

@ProgramWithGio 2 жыл бұрын

If you want to build something fast and be able to maintain it properly then yes. For small projects building things from scratch should be fine but as things get more complicated & more features are needed then framework is better. You can for sure do everything in JavaScript if that's what you like & prefer to do. I personally try to use PHP on back-end as an API layer and JS on front-end.