FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » session cookie: client side
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: session cookie: client side [message #175892 is a reply to message #175871] Fri, 04 November 2011 06:14 Go to previous messageGo to previous message
sl@exabyte is currently offline  sl@exabyte
Messages: 16
Registered: March 2011
Karma:
Junior Member
> I don't know I understood your question totally but...
>
> If the user can read the session cookie then any others can read the
> session cookie. The browser can't recognize who sits in front of the
> monitor.
>
> Another way: If user can read session cookie + it's not an SSL
> channel -> any others can sniff it (local machine or another machine
> on the route/wifi)
>
> Mechanism: on server side the system generates a Session ID (SID).
> The SID identifies the session datas ($_SESSION in PHP). The Server
> store session data in a file or database. on client side the client
> knows only the SID but the client doesn't know session data, only ID.
> Client sends its SID, the server find data.
>
> So... for example: If you test IP of the client and SID your can
> secure the session from outside of the box but you can't do it with
> inside of the box.
>
> Use SSL + check IP + never-never-ever store important information in
> cookies.

I am a bit confused now.

For example, using the Opera browser, a user can check a cookie value. I
understand that this value is used to identify a user, ie I can read it. But
other people, on LAN or internet, cannot read it because when I send data,
the data is enrcypted via https.

I suppose the cookie value is the Session ID.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: sqlite and php
Next Topic: simple session question
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Dec 22 06:54:08 GMT 2024

Total time taken to generate the page: 0.06157 seconds