So I've been told that this method is not secure, as people can fake sessions and use it's variables.
Here is a small part of my script:
<div class="panel-body text-center">
<?php
if(!isset($_SESSION['steamid'])) {
steamlogin(); //login button
}
else
{
include ('steamauth/userInfo.php');
include ('db.php');
$mysqli = mysqli_query($db,"UPDATE `users_steam` SET name='".$steamprofile['personaname']."', avatar='".$steamprofile['avatarfull']."' lastseen='".time()."' WHERE steamid='".$_SESSION["steamid"]."'");
echo "<img class='img-responsive center-block rounded' src='".$steamprofile['avatarmedium']."' title='' alt='' /></img><br>"; // Display their avatar!
echo "<span>".$steamprofile['personaname']."</span>";
logoutbutton();
}
?>
</div>
If the user is not logged in, the login button is displayed. If opposite, then I display his avatar and name, and also update my database.
$_SESSION['steamid'] variable cointains user STEAM ID, which is retrieved when user logs in through steam. Is there any other way than $_SESSION variables to contain this ID and use it further in my website?
Thanks