What libraries/plugin/helpers that you always use for your application?
#6

[eluser]eedfwChris[/eluser]
[quote author="Derek Allard" date="1196282996"][quote author="webPragmatist" date="1196241602"]
CI Session library (SVN):
http://dev.ellislab.com/svn/CodeIgniter/...ession.php
Although neither addresses session fixation...[/quote]

Could you elaborate what you mean here? While nothing provides perfect security, the session lib you're discussing does have safeguards against session fixation.[/quote]

Hi Derek,

As far as I am aware, the Session library I am using does not store the actual AGE of the session in order to regenerate a Session ID, nor does it "roll" the Session ID as a user browses the page. Either of these methods would help protect against a Session ID having too long a lifetime, thus allowing a potential "predator" to fixate on a specific Session ID in order to gain access. This is just one of many methods that could be employed to further enhance session security.

A good example of changing Session IDs to prevent Session fixation is used in this Native Session library written by tomcode http://codeigniter.com/wiki/Native_session/, though I don't use it because it does not support DB data storage.
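
The age-based regeneration and ID "rolling" described in the post above, sketched with PHP's native session functions. This is an added example, not code from the thread, from CodeIgniter, or from the Native Session library; the function names, session keys and the two time limits are assumptions chosen for illustration, and the cookie settings assume PHP 7.3+ served over HTTPS.

```php
<?php
// Added example: hypothetical helper names, not part of any library.
const ROTATE_AFTER = 300;        // assumed: roll the ID every 5 minutes
const ABSOLUTE_LIFETIME = 28800; // assumed: discard the session after 8 hours

function start_hardened_session(): void
{
    // Refuse session IDs the server did not issue, and never read one from the URL.
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    session_start();

    $now = time();
    $expired = isset($_SESSION['created_at'])
        && $now - $_SESSION['created_at'] > ABSOLUTE_LIFETIME;
    if ($expired) {
        $_SESSION = [];              // too old: discard the stored data
        session_regenerate_id(true); // and retire the old ID with it
    }

    if (!isset($_SESSION['created_at'])) {
        // New (or just reset) session: record when it was born and last rolled.
        $_SESSION['created_at'] = $now;
        $_SESSION['rotated_at'] = $now;
    } elseif ($now - $_SESSION['rotated_at'] > ROTATE_AFTER) {
        // "Roll" the ID as the user browses; true deletes the old session record.
        session_regenerate_id(true);
        $_SESSION['rotated_at'] = $now;
    }
}

function on_login(string $userId): void
{
    // Issue a fresh ID at the privilege change, so an ID that was known
    // before authentication never becomes an authenticated one.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    $_SESSION['rotated_at'] = time();
}
```

Call `start_hardened_session()` at the top of every request and `on_login()` only after credentials have been verified.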


Messages In This Thread
What libraries/plugin/helpers that you always use for your application? - by El Forum - 11-28-2007, 03:47 PM