FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Best practice, (secure), to save session data?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Best practice, (secure), to save session data? [message #178446 is a reply to message #178412] Mon, 18 June 2012 18:02 Go to previous messageGo to previous message
Chris Davies is currently offline  Chris Davies
Messages: 6
Registered: June 2012
Karma:
Junior Member
Jerry Stuckle <jstucklex(at)attglobal(dot)net> wrote:
> As I stated - this is not correct. No one needs to "brute force the
> data string" to get logged in - all they have to do is send the cookie.

My original quote suggested option 2 as getting access to the data stored
in the cookie. Real data stored in the cookie, not a session value that
would/could get you access to the data stored on the website. That you
might also be able to log in is a potential side-effect and was (from
my perspective, at least) irrelevant.

Chris
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Stats comp.lang.php (last 7 days)
Next Topic: Is spl_object_hash unique in the SQL sense? Can it be used as a unique SQL db column?
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Nov 26 16:52:19 GMT 2024

Total time taken to generate the page: 0.05208 seconds