Are sessions secure?



Post by Xerpher » Mon Sep 02, 2002 4:14 pm

I've been reading about PHP sessions and they don't seem secure... so I was wondering about all of your opinions... Of course, if it's some simple variable it's no big deal, but other than that, maybe I should stick with cookies :?


Post by elitecodex » Tue Sep 03, 2002 10:56 am

How don't they seem secure? They are not sent across the internet and the only way to obtain their data without you is to hack the actual server itself (and then you have to know where the session data is kept). I noticed by default it's in /tmp in Linux, and wherever in Windows (I believe it's the session.save_path in the php.ini file), but this is easily changed. I'm not the greatest in either security or webserver administration. But I believe as long as you have a secure server, your session data should be just as secure.

Just my opinion :)

Will

Post by Jay » Tue Sep 03, 2002 11:12 am

A session basically works by the server placing a cookie on your PC with a unique code (the session value). Every time you access a page from the same site, your browser sends back the cookie values before it requests the page. The server sees the session value, and also uses any session variables which are stored on the server using the same session ID! It then generates the page and sends it back to the user!

So sessions are basically secure per se, until someone guesses your session ID (which is a 32-character alphanumeric string) while it's active or hacks into the server!

Post by DoppyNL » Tue Sep 03, 2002 12:39 pm

Also keep in mind that when sessions are working via the URL (when the user has cookies disabled), the user may copy the session id and send that to another user.....
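
Added example, not part of the original thread and not written by any of its posters: a session bootstrap that addresses the three points raised above (session IDs in the URL, the shared default save path, and ID reuse). It assumes PHP 7.3 or later and HTTPS; the directory and the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: a private directory outside the web root, readable only by the PHP user.
const SESSION_DIR = __DIR__ . '/../sessions-example';

function start_hardened_session(): void
{
    if (!is_dir(SESSION_DIR)) {
        mkdir(SESSION_DIR, 0700, true);
    }
    // Never read or emit the session ID in the URL, so a copied link carries no session.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse session IDs that this server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    // Keep session files out of the shared default location (session.save_path).
    session_save_path(SESSION_DIR);
    session_set_cookie_params([
        'lifetime' => 0,      // cookie is dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // only sent over HTTPS
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

function log_in(int $userId): void
{
    // Issue a fresh ID at the privilege change; true deletes the old session file.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    $_SESSION['created'] = time();
}

function current_user(int $maxAge = 1800): ?int
{
    if (!isset($_SESSION['user_id'], $_SESSION['created'])) {
        return null;
    }
    if (time() - $_SESSION['created'] > $maxAge) {
        $_SESSION = [];      // expired: clear the data and remove the server-side file
        session_destroy();
        return null;
    }
    return $_SESSION['user_id'];
}

start_hardened_session();
```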

