Session Fixing Library
#3

Stratadox
Even if the default 'sessions' are also saved in the database, modifying the cookie modifies the session. This means anyone with access to the cookie and the means to re-encrypt it could insert their own session content - which produces unchecked user input on a very sensitive level. Not very secure.

The cookie CI uses is encrypted, but once the encryption is broken an intruder has access to all the session data.

Using this library, however, if a hacker decrypts the cookie, all they gain is the session id - something that is usually stored unencrypted. The session id alone cannot modify or even read the session data.

As for the PHP 5.4 thing, the library has a dependency on session_status, which was introduced in 5.4. Using the latest PHP version is recommended whether you use this library or not.
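The two designs contrasted in the post above, as an added illustration that is not part of the original post and is not code from the library or from CodeIgniter. It shows what the server ends up trusting in each case. The function names, the use of AES-256-GCM, and the in-memory `$store` standing in for the database table are assumptions, and the sketch needs PHP 7.1 or later.

```php
<?php
// Design A: the session content itself travels in the cookie.
// The server trusts any payload that decrypts and authenticates under $key.
function cookie_session_encode(array $data, string $key): string {
    $iv = random_bytes(12);
    $ct = openssl_encrypt(json_encode($data), 'aes-256-gcm', $key,
                          OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);
}

function cookie_session_decode(string $cookie, string $key): ?array {
    $raw = base64_decode($cookie, true);
    if ($raw === false || strlen($raw) < 29) {
        return null; // too short to hold a 12-byte IV, 16-byte tag and data
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
                          OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    return $pt === false ? null : json_decode($pt, true);
}

// Design B: the cookie carries only a random identifier.
// Session content never leaves the server-side store.
function server_session_create(array &$store, array $data): string {
    $id = bin2hex(random_bytes(16));
    $store[$id] = $data;
    return $id; // the only value placed in the cookie
}

function server_session_load(array $store, string $cookie): ?array {
    if (!preg_match('/^[0-9a-f]{32}$/', $cookie)) {
        return null; // not shaped like an identifier this server issues
    }
    return $store[$cookie] ?? null; // unknown identifiers carry no data
}

// Constructed demo values.
$key   = random_bytes(32);
$store = [];

// Design A: a payload produced by anyone holding the key is accepted as-is.
$payload = cookie_session_encode(['user_id' => 7, 'is_admin' => true], $key);
var_dump(cookie_session_decode($payload, $key));

// Design B: the same cookie value is just a failed lookup, and only the
// identifier the server issued maps to the stored data.
$id = server_session_create($store, ['user_id' => 7, 'is_admin' => false]);
var_dump(server_session_load($store, $payload));
var_dump(server_session_load($store, $id));
```

In the second design the stored identifier should still be regenerated on login and privilege changes, since the identifier is all that stands between a cookie holder and the session.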

