
Are sessions secure?


Post by Xerpher » Mon Sep 02, 2002 4:14 pm

I've been reading about PHP sessions and they don't seem secure... so I was wondering all of your opinions... Of course, if it's some simple variable it's no big deal, but other than that, maybe I should stick with cookies :?
Xerpher

Post by elitecodex » Tue Sep 03, 2002 10:56 am

How don't they seem secure? They are not sent across the internet and the only way to obtain their data without you is to hack the actual server itself (and then you have to know where the session data is kept). I noticed by default it's in the /tmp in Linux, and wherever in Windows (I believe it's the session.save_path in the php.ini file), but this is easily changed. I'm not the greatest in either security or webserver administration. But I believe as long as you have a secure server, your session data should be just as secure.

Just my opinion :)

Will
elitecodex

Post by Jay » Tue Sep 03, 2002 11:12 am

A session basically works by the server placing a cookie on your PC with a unique code (the session value). Every time you access a page from the same site, your browser sends back the cookie values before it requests the page. The server sees the session value, and also uses any session variables which are stored on the server using the same session ID! It then generates the page and sends it back to the user!

So sessions are basically secure per se, until someone guesses your session ID (which is 32 alphanumeric characters) while it's active or hacks into the server!
Jay
 

Post by DoppyNL » Tue Sep 03, 2002 12:39 pm

Keep also in mind that when sessions are working via the URL (when the user has cookies disabled), the user may copy the session id and send that to another user.....
DoppyNL
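
The points raised in the replies above (the shared default save path, the session ID cookie, and IDs travelling in the URL) map onto a handful of PHP session settings; the following is an added example, not code posted by anyone in this thread. It assumes PHP 7.3 or later and an HTTPS site, and the directory path and function names are hypothetical.

```php
<?php
// Added example. SESSION_DIR, start_hardened_session() and mark_logged_in()
// are hypothetical names chosen for illustration.

// Assumed private directory owned by the web server user (mode 0700),
// used instead of the shared default location such as /tmp.
const SESSION_DIR = '/var/lib/php-app/sessions';

function start_hardened_session(): void
{
    // Refuse to run if other local users could list or read session files.
    $perms = is_dir(SESSION_DIR) ? fileperms(SESSION_DIR) : false;
    if ($perms === false || ($perms & 0077) !== 0) {
        throw new RuntimeException('session directory must exist with mode 0700');
    }
    session_save_path(SESSION_DIR);

    // Take the session ID from the cookie only and never append it to URLs,
    // so a copied or forwarded link does not carry the ID with it.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');

    // Only accept IDs this server issued; an unknown ID gets replaced.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',  // not sent on cross-site subrequests
    ]);

    session_start();
}

function mark_logged_in(int $userId): void
{
    // Issue a fresh ID when the privilege level changes and delete the old
    // session file, so an ID seen before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}
```

Call `start_hardened_session()` before any output on every request, and `mark_logged_in()` once after credentials have been verified.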
 

