FUDforum: comp.lang.php » session cookie: client side

Home » Imported messages » comp.lang.php » session cookie: client side

Show: Today's Messages :: Polls :: Message Navigator

Re: session cookie: client side [message #175892 is a reply to message #175871]

Fri, 04 November 2011 06:14

sl@exabyte
Messages: 16
Registered: March 2011

Karma:

Junior Member

> I don't know I understood your question totally but...
>
> If the user can read the session cookie then any others can read the
> session cookie. The browser can't recognize who sits in front of the
> monitor.
>
> Another way: If user can read session cookie + it's not an SSL
> channel -> any others can sniff it (local machine or another machine
> on the route/wifi)
>
> Mechanism: on server side the system generates a Session ID (SID).
> The SID identifies the session datas ($_SESSION in PHP). The Server
> store session data in a file or database. on client side the client
> knows only the SID but the client doesn't know session data, only ID.
> Client sends its SID, the server find data.
>
> So... for example: If you test IP of the client and SID your can
> secure the session from outside of the box but you can't do it with
> inside of the box.
>
> Use SSL + check IP + never-never-ever store important information in
> cookies.

I am a bit confused now.

For example, using the Opera browser, a user can check a cookie value. I
understand that this value is used to identify a user, ie I can read it. But
other people, on LAN or internet, cannot read it because when I send data,
the data is enrcypted via https.

I suppose the cookie value is the Session ID.

Report message to a moderator

[Message index]

		session cookie: client side By: sl@exabyte on Thu, 03 November 2011 09:10
		Re: session cookie: client side By: Balazs Nadasdi on Thu, 03 November 2011 12:23
		Re: session cookie: client side By: sl@exabyte on Fri, 04 November 2011 06:14
		Re: session cookie: client side By: Jerry Stuckle on Fri, 04 November 2011 11:55
		Re: session cookie: client side By: sl@exabyte on Fri, 04 November 2011 14:21
		Re: session cookie: client side By: Jerry Stuckle on Fri, 04 November 2011 18:40
		Re: session cookie: client side By: Denis McMahon on Fri, 04 November 2011 15:53
		Re: session cookie: client side By: Jerry Stuckle on Fri, 04 November 2011 18:41
		Re: session cookie: client side By: Denis McMahon on Fri, 04 November 2011 15:52

Previous Topic:	sqlite and php
Next Topic:	simple session question

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sat Oct 05 13:19:25 GMT 2024

Total time taken to generate the page: 0.05341 seconds