Is it safe to use sessions for user validation? |
As others have pointed out, your handling of input data and using it in a query is not "robust". OK, since you don't show that code I'll give you the benefit of the doubt.
Session data does have some vulnerability through cookie hijacking. It is a complex subject. OWAP does a much better job of explaining the pit falls than I could - read this. |
Messages In This Thread |
Is it safe to use sessions for user validation? - by ronaldv - 06-16-2017, 03:19 PM
RE: Is it safe to use sessions for user validation? - by marksman - 06-16-2017, 04:18 PM
RE: Is it safe to use sessions for user validation? - by skunkbad - 06-16-2017, 06:13 PM
RE: Is it safe to use sessions for user validation? - by InsiteFX - 06-17-2017, 03:49 AM
RE: Is it safe to use sessions for user validation? - by dave friend - 06-17-2017, 06:35 PM
RE: Is it safe to use sessions for user validation? - by ronaldv - 06-18-2017, 11:22 AM
|