Session Fixing Library
#6

WanWizard
Quote: In the default library, decrypting the cookie gives you access to the complete content of the session
Not when the session data is stored server-side, which you should ALWAYS configure.

In that case, the cookie only contains:
Code:
foreach (array('session_id','ip_address','user_agent','last_activity') as $val)

So no payload in the cookie.

This invalidates your other points too, as they are based on the assumption that session data is stored client side.
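
An added illustration of the point in the post above, not part of the original post and not CodeIgniter's own code: a simplified model of which session keys reach the browser in each storage mode. The function name, the sample values and the `user_id` / `is_admin` keys are constructed for the example; in CodeIgniter 2.x, server-side storage is assumed to be switched on with `$config['sess_use_database'] = TRUE;`.

```php
<?php
// Simplified model for illustration only; not the framework's Session class.
// These are the four keys the post lists as the only cookie contents
// when session data is stored server-side.
const COOKIE_KEYS = ['session_id', 'ip_address', 'user_agent', 'last_activity'];

/**
 * Split session userdata into the part sent to the client in the cookie
 * and the part that stays in server-side storage.
 */
function split_session(array $userdata, bool $serverSide): array
{
    if (!$serverSide) {
        // Client-side storage: the complete array ends up in the cookie,
        // so decrypting the cookie reveals every session value.
        return ['cookie' => $userdata, 'server' => []];
    }
    // Server-side storage: only the identifying keys go to the client.
    $cookie = array_intersect_key($userdata, array_flip(COOKIE_KEYS));
    $server = array_diff_key($userdata, $cookie);
    return ['cookie' => $cookie, 'server' => $server];
}

// Constructed sample session (values are made up).
$userdata = [
    'session_id'    => bin2hex(random_bytes(16)),
    'ip_address'    => '192.0.2.10',
    'user_agent'    => 'ExampleBrowser/1.0',
    'last_activity' => time(),
    'user_id'       => 42,      // application payload
    'is_admin'      => false,   // application payload
];

foreach ([false, true] as $serverSide) {
    $parts   = split_session($userdata, $serverSide);
    $payload = array_diff(array_keys($parts['cookie']), COOKIE_KEYS);
    printf(
        "server-side storage: %s\n  cookie keys:       %s\n  payload in cookie: %s\n",
        $serverSide ? 'on' : 'off',
        implode(', ', array_keys($parts['cookie'])),
        $payload ? implode(', ', $payload) : '(none)'
    );
}
```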

