29Oca
Session management and login PHP scripts
I want to write login scripts for clients websites to make them more secure. I want to know what best practices I can implement into this. There are password protected control panels in abundance, but very few seem to implement best practices in terms of code writing, speed and security.
I will be using PHP and a MySQL database. I used to use PBKDF2 and bcrypt for hashing. I use MVC for design pattern.
Some login scripts log the IP address throughout the session or even the user agent, but I want to avoid that as it isn't compatible with proxy servers.
I am also a little behind the best practices for using sessions in PHP 5, so some best practices with this would be helpful, and also an example would be very helpful.