cookie and session security
I don't really know how to use cookies so I've been using Sessions.
Is that safe? I've been putting passwords as md5, but I dunno if my portals are safe or not. I've heard that there are cookie injectors or something like that.
Re: cookie and session security
Well, if memory serves me correctly, sessions are server-side info storages with Session IDs that are saved in cookies (client-side). So, unless there's a way for someone to steal a Session ID from someone and then access the Session's info, which is stored server-side, there shouldn't be any security problems.
Re: cookie and session security
Well I have just recently made cookies for AoEEmpire.com
I've made it so people create cookies with ID and Username. So when they auto-login with Username and ID function. But.... I don't know. Could you check it out if you have time? www.AoEEmpire.com I've tried tampering with my Cookies, but they delete themselves when I open the site. The IDs are quite simple, like 1, 2, 3, etc.... But, I figured if phpBB did it, I could too, but I don't know much about security stuff. I've tried entering a hacking attempt in case the username or password weren't the same, but that backfired so I took it out. I have it so you can fetch MySQL info with the Session_id and check if the Session_username is the same as the name it fetched, then it would create more sessions with the fetched MySQL data. Should I give you the common.php? It fetches everything but the md5 password... Right now I'm trying to create sessions so I can display usernames within the last 15 minutes etc... Hopefully I can get it up when I open the site.
Re: cookie and session security
I've just created a random 30 char code activation function so hopefully nobody will ever get to see them.
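Added example, not part of the thread and not the site's own code: the auto-login cookie described above carries a sequential ID and a username, both of which a visitor can guess, so one common alternative is a random token whose hash is kept server-side and checked in constant time. The function names are hypothetical and the `$store` array stands in for a database table.

```php
<?php
// Added example: random remember-me token instead of an ID + username cookie.
// $store stands in for a database table (constructed for this example).

function issue_token(array &$store, int $userId): string
{
    $selector  = bin2hex(random_bytes(9));   // public lookup key
    $validator = bin2hex(random_bytes(32));  // secret half, never stored in clear
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => time() + 14 * 86400,    // assumed 14-day lifetime
    ];
    return $selector . ':' . $validator;     // value to place in the cookie
}

function check_token(array &$store, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                         // malformed or unknown selector
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]);                // single use: issue a fresh token after login
    if ($row['expires'] < time()) {
        return null;
    }
    // hash_equals() compares in constant time, so timing does not leak the hash
    return hash_equals($row['hash'], hash('sha256', $validator))
        ? $row['user_id']
        : null;
}

$store  = [];
$cookie = issue_token($store, 2);            // constructed user id
// On a real page, send $cookie with setcookie() using the httponly and secure options.
var_dump(check_token($store, $cookie));      // first use of the issued token
var_dump(check_token($store, $cookie));      // replay of the same token
var_dump(check_token($store, '2:someuser')); // guessed "ID:username" style value
```

Only the first call returns a user id; the replayed and guessed values are rejected because nothing in the cookie is trusted without the matching server-side record.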