FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » sessions causing refreshing not to work
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: sessions causing refreshing not to work [message #178331 is a reply to message #178330] Tue, 05 June 2012 18:52 Go to previous messageGo to previous message
Thomas 'PointedEars'  is currently offline  Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma:
Senior Member
Peter H. Coffin wrote:

> On Tue, 05 Jun 2012 06:46:28 +0200, Thomas 'PointedEars' Lahn wrote:
>>> Set session.use_trans_sid, unset session.use_cookie, don't forget to
>>> grab the session ID out of the $_GET array for every page load. Yes,
>>> your URLs will be ugly, and it'll be not impossible for someone to end
>>> up screwing things somehow with URL bookmarking or sharing.
>>
>> More importantly, it will be a security hole to be exploited:
>>
>> < https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Manage_Sessi on_ID_as_Any_Other_User_Input>
>
> Sorry, I refuse to think of what *should be* expected behavior

It is by no means expected behavior.

> as a "security hole". People can manipulate cookie values almost as easily

Because of that, HTTP-only cookies have been invented.

> and they're no more trustworthy than a $_GET result.

Correct, but by contrast they are not stored unencrypted in the user's
history, cannot be accidentally transmitted, and so on.

> This doesn't even bear discussing separately, and doing so only ends up
> further complicating an issue that enough people have trouble learning
> into their bones in the first place.

You are wrong.


PointedEars
--
Use any version of Microsoft Frontpage to create your site.
(This won't prevent people from viewing your source, but no one
will want to steal it.)
-- from <http://www.vortex-webdesign.com/help/hidesource.htm> (404-comp.)
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: passing documents through pages
Next Topic: PHP Sessions and XML
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Nov 29 23:31:31 GMT 2024

Total time taken to generate the page: 0.06280 seconds