Is Session a safe place to store data ?
#2

Yes you can use sessions for that.

The session data is stored on the server; the client's browser is linked to its session on the server based on the contents of a cookie containing only a reference ID. There are techniques where a hacker can 'hijack' someone else's session. You should have a look here: https://www.owasp.org/index.php/Session_...ing_attack to get familiarized with the methods that can be used to hijack a session and make sure your app does not allow any of those techniques.

CodeIgniter also gives you the option to link a session ID to a particular IP address. This can prevent, for example, some evil hacker from the UK from taking over the session of a client in the US. But this will also mean that a genuine user cannot use his own session on his phone, for example, when switching from his mobile 3G connection to his wifi, because he will have a different IP address. So he must log in again when switching networks.

PHP Code:
$config['sess_match_ip'] = TRUE;
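
The trade-off described in the post above, as an added example that is not part of the original post and not CodeIgniter's own implementation: a minimal in-memory session store that ties a session ID to the IP address it was created from. The class `IpBoundSessionStore`, its methods, the user ID and the documentation-range IP addresses are all constructed for this illustration.

```php
<?php
// Added illustration (hypothetical class, constructed values); not CodeIgniter code.
final class IpBoundSessionStore
{
    /** @var array<string, array{ip: string, data: array}> server-side state */
    private $sessions = [];
    /** @var bool plays the role of the sess_match_ip switch */
    private $matchIp;

    public function __construct(bool $matchIp)
    {
        $this->matchIp = $matchIp;
    }

    // Create a session. Only the random ID would travel to the browser in a cookie.
    public function create(string $clientIp, array $data): string
    {
        $id = bin2hex(random_bytes(16));
        $this->sessions[$id] = ['ip' => $clientIp, 'data' => $data];
        return $id;
    }

    // Return the session data, or null if the ID is unknown or the IP check fails.
    public function load(string $id, string $clientIp): ?array
    {
        if (!isset($this->sessions[$id])) {
            return null;
        }
        if ($this->matchIp && $this->sessions[$id]['ip'] !== $clientIp) {
            return null; // the server cannot tell a thief from a roaming user
        }
        return $this->sessions[$id]['data'];
    }
}

$store = new IpBoundSessionStore(true);
$id = $store->create('198.51.100.10', ['user_id' => 42]);

// Constructed requests that all present the same session cookie value.
$requests = [
    'same client, same network'         => '198.51.100.10',
    'cookie replayed from another host' => '203.0.113.77',
    'same user after 3G to wifi switch' => '192.0.2.5',
];
foreach ($requests as $label => $ip) {
    $accepted = $store->load($id, $ip) !== null;
    printf("%-36s %s\n", $label, $accepted ? 'session accepted' : 'must log in again');
}
```

Constructing the store with `false` instead of `true` accepts all three requests, which is the other side of the same trade-off.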


Messages In This Thread
RE: Is Session a safe place to store data ? - by Diederik - 07-23-2016, 11:27 PM


