User ID, session data and security
#12

WanWizard
NO.

Native PHP sessions are NOT secure!

If you would opt to use the third-party CI implementation of (what's imho wrongly called) native sessions, it uses the same cookie mechanism as the CI library, so all above applies. And since the AJAX issue is related to how the session ID is rotated, this implementation suffers from the same issues as well.

In the backend, however, PHP stores its session in shared file space on disk, in a plain serialized array, with read/write access by your web server. So any application can access the session data without any difficulty. Securing this is not for the faint-hearted.
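
An added example, not part of the post above or of any project's code: a shell function that audits a directory of PHP file-based sessions for the exposure the post describes. The `/tmp` and `/var/tmp` list and the finding labels are assumptions made for this sketch; `sess_` is the filename prefix PHP's file handler uses. Mode bits cannot reveal several applications sharing one directory under the same web server user; that case needs a separate `session.save_path` per application.

```shell
# Added example: audit a directory that holds PHP file-based sessions.
# Prints one finding per line. Returns 0 if clean, 1 if anything was
# found, 2 if the argument is not a directory.
audit_session_dir() {
    dir=$1
    status=0
    if [ ! -d "$dir" ]; then
        echo "ERROR: not a directory: $dir"
        return 2
    fi

    # System temp directories are shared with every local process
    # (assumed list, extend for your platform).
    case "$dir" in
        /tmp|/var/tmp)
            echo "SHARED: $dir is a system-wide temp directory"
            status=1 ;;
    esac

    # Other-readable directory: any local user can list the session IDs.
    if [ -n "$(find "$dir" -prune -perm -0004)" ]; then
        echo "LISTABLE: $dir can be listed by other users"
        status=1
    fi

    # Session files readable by group or others expose the plain
    # serialized session data to accounts other than the web server's.
    readable=$(find "$dir" -maxdepth 1 -type f -name 'sess_*' \
                   \( -perm -0040 -o -perm -0004 \) -print)
    if [ -n "$readable" ]; then
        printf '%s\n' "$readable" | sed 's/^/READABLE: /'
        status=1
    fi

    return "$status"
}
```

Call it with the directory your `session.save_path` points to, for example `audit_session_dir /var/lib/php/sessions`.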

