Native sessions or CI sessions.
#10

[eluser]EugeneS[/eluser]
[quote author="WanWizard" date="1301787014"]Sigh... Native sessions are NOT secure! They're quite easy to hijack, and if you're on a shared server, other sites can read your session files unless you're with a good hoster who has taken precautions.

CI's sessions use a session cookie that's encrypted, uses automatic session id rotation, and contains extra fields to prevent session hijacking.
Session data is stored server side in a database table (do not use cookie based sessions unless you store a very small amount of data), no data is ever sent to the client.[/quote]

Again... who said native sessions are not secure?

1) How will you hijack it? Hack my PC? Hack the server? In both cases it is not a native sessions problem, it is a server or user problem.

If you hack my PC, you will have full control over my PC, so the session ID will be the last problem on my list. (Database-driven session IDs will also be accessible.)

If you hack the server, then you will have access to the scripts = access to the database login/password etc...

Do you really believe that it is easier to hack the server to get access to stored sessions than to hack the server OR hack buggy scripts to get access to the database settings (login/password) and take session details from the database? With database-driven sessions we have two ways against one way... so which one is more secure, at least from this point of view?

2) Let's imagine you have written down my session ID... let's imagine it is hijacked, so what? What will you do with it? :D Anyway, server-side checks will filter you out in both cases, DB-driven and native.


Sorry, but your understanding of native sessions is wrong. Please read fewer blogs by noobs. Someone somewhere said this stupidity and now you say it...

On the other hand, with sessions stored in the DB you will call the DB all the time and load it with unnecessary queries which could be avoided; this will also slow down your application, and for CI, as the "fastest" PHP framework, this database sessions attitude is ridiculous.

Moreover, I don't see how DB-stored sessions are more secure than native ones, as explained above :)
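
Added example, not part of the thread and not CodeIgniter's code: the server-side checks both posts refer to (ID rotation, binding the session to a client attribute, a save path other sites on a shared host cannot read), applied to native PHP sessions. The directory, the rotation interval, the choice of User-Agent as the bound attribute and the function name are assumptions made for illustration.

```php
<?php
// Hypothetical private directory: owned by this site's PHP user, mode 0700,
// so other accounts on a shared host cannot read the session files.
const SESSION_DIR  = '/var/lib/php-sessions/myapp';
const ROTATE_AFTER = 300; // seconds between ID rotations (constructed value)

function start_hardened_session(): void
{
    ini_set('session.save_path', SESSION_DIR);
    ini_set('session.use_strict_mode', '1');  // ignore IDs the server never issued
    ini_set('session.use_only_cookies', '1'); // never take the ID from the URL
    session_set_cookie_params([               // array form needs PHP 7.3+
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // cookie is sent over HTTPS only
        'httponly' => true,   // not readable from page JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();

    // Bind the session to a client attribute. A User-Agent match is a weak
    // signal (it can be replayed), so it complements rotation, not replaces it.
    $fingerprint = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
    $now = time();

    if (!isset($_SESSION['fingerprint'])) {
        // New session: record the binding and the rotation clock.
        $_SESSION['fingerprint'] = $fingerprint;
        $_SESSION['rotated_at']  = $now;
        return;
    }

    if (!hash_equals($_SESSION['fingerprint'], $fingerprint)) {
        // ID presented by a different client: drop the data and issue a
        // fresh, empty session; the old session file is deleted.
        $_SESSION = [];
        session_regenerate_id(true);
        $_SESSION['fingerprint'] = $fingerprint;
        $_SESSION['rotated_at']  = $now;
        return;
    }

    if ($now - $_SESSION['rotated_at'] > ROTATE_AFTER) {
        // Periodic rotation: a copied ID stops working after the next rotation.
        session_regenerate_id(true);
        $_SESSION['rotated_at'] = $now;
    }
}
```

Call `start_hardened_session()` before any output, and call `session_regenerate_id(true)` again at login so a pre-login ID never carries over into an authenticated session.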

