.:: Bots United ::. - View Single Post

Ancient · **Re: cookie and session security -** 23-08-2007

Well I have just recently made cookies for AoEEmpire.com

I've made it so people create cookies with ID and Username.
So when they auto-login with Username and ID function.

But....
I don't know.
Could you check it out if you have time?
www.AoEEmpire.com

I've tried tampering with my Cookies, but they delete themselves when I open the site.

The IDs are quite simple. like 1,2,3 etc....
But, I figured if phpBB did it, I could too, but I don't know much about security stuff.
I've tried entering a hacking attempt incase the username or password weren't the same but that backfired so I took it out.

I have it so you can fetch MySQL Info with the Session_id
and Check if the Session_username is the same as the name it fetched then it would create more sessions with the fetched mysql data.
Should I give you the common.php?
It fetches everything but the md5 password...

Right now I'm trying to create sessions so I can display usernames within the last 15 minutes etc...
Hopefully I can get it up when I open the site.

	(#3)
Ancient PodBot MM's Laziest Waypointer Status: Offline Posts: 1,010 Join Date: Jan 2005 Location: Nebraska, United States of America	Re: cookie and session security - 23-08-2007 Well I have just recently made cookies for AoEEmpire.com I've made it so people create cookies with ID and Username. So when they auto-login with Username and ID function. But.... I don't know. Could you check it out if you have time? www.AoEEmpire.com I've tried tampering with my Cookies, but they delete themselves when I open the site. The IDs are quite simple. like 1,2,3 etc.... But, I figured if phpBB did it, I could too, but I don't know much about security stuff. I've tried entering a hacking attempt incase the username or password weren't the same but that backfired so I took it out. I have it so you can fetch MySQL Info with the Session_id and Check if the Session_username is the same as the name it fetched then it would create more sessions with the fetched mysql data. Should I give you the common.php? It fetches everything but the md5 password... Right now I'm trying to create sessions so I can display usernames within the last 15 minutes etc... Hopefully I can get it up when I open the site. [Web Designer][Waypointer][Gamer] CFE Games Administrator [CFE]Games.com [Never Trust the Untrusted]