FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » session cookie: client side
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: session cookie: client side [message #175871 is a reply to message #175870] Thu, 03 November 2011 12:23 Go to previous messageGo to previous message
Balazs Nadasdi is currently offline  Balazs Nadasdi
Messages: 7
Registered: November 2011
Karma:
Junior Member
I don't know I understood your question totally but...

If the user can read the session cookie then any others can read the session cookie. The browser can't recognize who sits in front of the monitor.

Another way: If user can read session cookie + it's not an SSL channel -> any others can sniff it (local machine or another machine on the route/wifi)

Mechanism: on server side the system generates a Session ID (SID). The SID identifies the session datas ($_SESSION in PHP). The Server store session data in a file or database. on client side the client knows only the SID but the client doesn't know session data, only ID. Client sends its SID, the server find data.

So... for example: If you test IP of the client and SID your can secure the session from outside of the box but you can't do it with inside of the box..

Use SSL + check IP + never-never-ever store important information in cookies.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: sqlite and php
Next Topic: simple session question
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Dec 22 06:56:47 GMT 2024

Total time taken to generate the page: 0.04771 seconds