Some security concerns with session library
#1

terrorVogel
Hi all,

When you set sess_use_database to true, it seems that all data is still stored in the cookie. Actually, the IP and browser checks are against the values received from the client, and these values cannot be trusted.

I have modified the session library so that it suits my needs and I would like to share it with you. Feel free to use it without warranty.

Changes: All session data will be stored in the database; the cookie will only contain the session ID.
Changes: A session is started only when data needs to be stored.

Have a nice day.
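The design described in the post above (the cookie carries only the session ID, the data and the IP/browser values are kept in the database, and a session is created on the first write), as an added example that is neither the poster's modified library nor CodeIgniter code. The class name `DbSession`, the `sessions` table, the in-memory SQLite database and the request values are assumptions.

```php
<?php
// Added example, not CodeIgniter code. DbSession and the sessions table are assumed names.
final class DbSession
{
    private ?string $id = null;
    private array $data = [];
    public function __construct(private PDO $db, private string $ip, private string $ua,
                                ?string $cookieId = null)
    {
        $db->exec('CREATE TABLE IF NOT EXISTS sessions
                   (id TEXT PRIMARY KEY, ip TEXT, ua TEXT, data TEXT)');
        if ($cookieId === null || !preg_match('/^[0-9a-f]{64}$/', $cookieId)) {
            return; // no cookie or malformed ID: nothing is created yet
        }
        $st = $db->prepare('SELECT ip, ua, data FROM sessions WHERE id = ?');
        $st->execute([$cookieId]);
        $row = $st->fetch(PDO::FETCH_ASSOC);
        // Compare against the values recorded server-side at creation,
        // never against anything the client sends back inside the cookie.
        if ($row && hash_equals($row['ip'], $ip) && hash_equals($row['ua'], $ua)) {
            $this->id = $cookieId;
            $this->data = json_decode($row['data'], true) ?: [];
        }
    }

    public function get(string $key): mixed { return $this->data[$key] ?? null; }
    // Returns the cookie value to send: the opaque ID only, no session data.
    public function set(string $key, mixed $value): string
    {
        if ($this->id === null) { // lazy start: the row is created on first write
            $this->id = bin2hex(random_bytes(32));
            $this->db->prepare('INSERT INTO sessions (id, ip, ua, data) VALUES (?, ?, ?, ?)')
                     ->execute([$this->id, $this->ip, $this->ua, '{}']);
        }
        $this->data[$key] = $value;
        $this->db->prepare('UPDATE sessions SET data = ? WHERE id = ?')
                 ->execute([json_encode($this->data), $this->id]);
        return $this->id;
    }
}

// Constructed demo values; in a real request they come from $_SERVER and $_COOKIE.
$db     = new PDO('sqlite::memory:');
$first  = new DbSession($db, '192.0.2.10', 'ExampleBrowser/1.0');
$cookie = $first->set('user_id', 42);
$same   = new DbSession($db, '192.0.2.10', 'ExampleBrowser/1.0', $cookie);
$other  = new DbSession($db, '198.51.100.7', 'ExampleBrowser/1.0', $cookie);
var_dump($same->get('user_id'), $other->get('user_id'));
```

The second `var_dump` value comes from a request that presents the same cookie from a different address, so the stored row is not loaded for it.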


