FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Best practice, (secure), to save session data?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Best practice, (secure), to save session data? [message #178450 is a reply to message #178446] Mon, 18 June 2012 19:13 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 6/18/2012 2:02 PM, Chris Davies wrote:
> Jerry Stuckle<jstucklex(at)attglobal(dot)net> wrote:
>> As I stated - this is not correct. No one needs to "brute force the
>> data string" to get logged in - all they have to do is send the cookie.
>
> My original quote suggested option 2 as getting access to the data stored
> in the cookie. Real data stored in the cookie, not a session value that
> would/could get you access to the data stored on the website. That you
> might also be able to log in is a potential side-effect and was (from
> my perspective, at least) irrelevant.
>
> Chris

Yes, and my point was - you don't NEED access to the encrypted data.
All you need to do is send a copy of the cookie itself to log in.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Stats comp.lang.php (last 7 days)
Next Topic: Is spl_object_hash unique in the SQL sense? Can it be used as a unique SQL db column?
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Nov 26 22:53:24 GMT 2024

Total time taken to generate the page: 0.03678 seconds