I am developing an application in PHP, and in the authentication part I have the following code:
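
    public function chamaApi(){
        // call the API via curl (the call that fills $response is omitted here)
        $profile = json_decode($response);
        // open the session only when the API did not report an error
        if($profile->error != true){
            self::openSession($profile->data->api_key);
        }
    }
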
$profile gets the result returned by the API (login user ID, API access token, name and email).

    public function openSession($profile){
        // store the received value in the PHP session
        $_SESSION['profile'] = $profile;
    }

My question is whether there is any problem in managing the session using the API access token (unique to each user). And if there is a problem, what would be the best way to manage the session for application security?
PS: I am not using a framework!
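
Added example, not part of the original question: a framework-free sketch of the login flow above that keeps the API key in server-side session storage, hardens the session cookie, issues a fresh session ID at login and expires idle sessions. The function names, the 30-minute idle limit, the HTTPS assumption and the sample API response are assumptions made for the example.

```php
<?php
// Added example, not the poster's code. Function names and the 30-minute idle
// limit are assumptions; array cookie options need PHP 7.3 or later.

function startSecureSession(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) { return; }
    ini_set('session.use_strict_mode', '1');  // refuse IDs the server never issued
    ini_set('session.use_only_cookies', '1'); // never take the ID from the URL
    session_set_cookie_params([
        'secure'   => true,   // assumes the site is served over HTTPS
        'httponly' => true,   // cookie is not readable from JavaScript
        'samesite' => 'Lax',  // not sent on cross-site sub-requests
    ]);
    session_start();
}

function openSession(string $apiKey): void
{
    startSecureSession();
    session_regenerate_id(true); // fresh ID at login, old one deleted (session fixation)
    // Kept in server-side session storage; the browser only holds the session ID.
    $_SESSION['profile'] = ['api_key' => $apiKey, 'last_seen' => time()];
}

function currentApiKey(int $maxIdle = 1800): ?string
{
    startSecureSession();
    $profile = $_SESSION['profile'] ?? null;
    if ($profile === null || time() - $profile['last_seen'] > $maxIdle) {
        closeSession();          // not logged in, or idle too long: drop everything
        return null;
    }
    $_SESSION['profile']['last_seen'] = time();
    return $profile['api_key'];
}

function closeSession(): void
{
    startSecureSession();
    $_SESSION = [];              // clear the data for the rest of this request
    session_destroy();           // remove the server-side session record
}

// Constructed API response standing in for the curl call in the question.
$profile = json_decode('{"error": false, "data": {"api_key": "EXAMPLE-KEY"}}');
if ($profile !== null && $profile->error !== true) {
    openSession($profile->data->api_key);
}
```

Later requests call `currentApiKey()` and treat a `null` result as "not logged in"; the API key itself is never written to a cookie or to page output.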