CI Session and Firesheep
#2

[eluser]WanWizard[/eluser]
Firesheep uses a technique called "sidejacking" which involves intercepting the session cookie.

If used properly, CI's session cookies are safe from this technique, since they contain information that links the session to a specific PC and browser (using an IP and browser agent check).
Furthermore, a CI session cookie should be encrypted, which makes it useless for any interceptor, and should also contain absolutely NO user data (so don't use cookie only sessions, use the database or another server based storage system).

Another safe measure is to allow access to your site only via HTTPS. This encrypts the communication between browser and site, so nothing can be intercepted. Encryption is CPU intensive, so think about server sizing (or possible offloading) if you want to go this route.
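
The settings this post refers to, as an added example that is not part of the original post. It assumes the CodeIgniter 2.x key names in `application/config/config.php`; the encryption key is a placeholder and the table name is the framework default.

```php
<?php
// application/config/config.php (CodeIgniter 2.x key names, assumed here)

// Required once sess_encrypt_cookie is TRUE. Placeholder value: generate
// your own random key and keep it out of version control.
$config['encryption_key'] = 'REPLACE_WITH_YOUR_OWN_RANDOM_KEY';

// Encrypt the session cookie so an intercepted copy cannot be read.
$config['sess_encrypt_cookie'] = TRUE;

// Store userdata in the database. The cookie then carries only the
// session id and its metadata, never application data.
$config['sess_use_database'] = TRUE;
$config['sess_table_name']   = 'ci_sessions';

// Tie the session to the client's IP address and user agent string.
// Clients behind the same NAT share one public IP, so the IP check
// cannot tell them apart, and users whose IP changes mid-session
// will be logged out.
$config['sess_match_ip']        = TRUE;
$config['sess_match_useragent'] = TRUE;

// Mark cookies Secure so the browser sends them over HTTPS only.
// This only helps if the whole site is served over HTTPS.
$config['cookie_secure'] = TRUE;
```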

