Authentication and Sessions

Authentication and Sessions

El Forum
Guest

#12

02-05-2010, 10:18 AM

[eluser]Michael Wales[/eluser]

Quote:ok but can’t i simple juz copy the cookie when the user isn’t at his desk

Definitely but then we're getting into physical security issues. There's not much we can do to prevent this form of attack, except for CodeIgniter updating the session with a new ID every [insert configuration setting] seconds.

Messages In This Thread

Authentication and Sessions - by El Forum - 02-04-2010, 10:14 PM

Authentication and Sessions - by El Forum - 02-04-2010, 10:27 PM

Authentication and Sessions - by El Forum - 02-05-2010, 01:58 AM

Authentication and Sessions - by El Forum - 02-05-2010, 02:05 AM

Authentication and Sessions - by El Forum - 02-05-2010, 06:53 AM

Authentication and Sessions - by El Forum - 02-05-2010, 08:31 AM

Authentication and Sessions - by El Forum - 02-05-2010, 09:24 AM

Authentication and Sessions - by El Forum - 02-05-2010, 09:38 AM

Authentication and Sessions - by El Forum - 02-05-2010, 09:52 AM

Authentication and Sessions - by El Forum - 02-05-2010, 10:10 AM

Authentication and Sessions - by El Forum - 02-05-2010, 10:16 AM

Authentication and Sessions - by El Forum - 02-05-2010, 10:18 AM

Authentication and Sessions - by El Forum - 02-05-2010, 10:25 AM

Authentication and Sessions - by El Forum - 02-05-2010, 11:00 AM

Authentication and Sessions - by El Forum - 02-05-2010, 11:15 AM

Authentication and Sessions - by El Forum - 02-05-2010, 02:00 PM

Authentication and Sessions - by El Forum - 02-05-2010, 04:56 PM

Authentication and Sessions - by El Forum - 02-05-2010, 10:47 PM