Re: Information on Cookies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2008-10-19 at 19:12 -0500, Micah Gersten wrote:
> Don't use cookies, use sessions.
> 
> Thank you,
> Micah Gersten
> onShore Networks
> Internal Developer
> http://www.onshore.com
> 
> 
> 
> Ben Stones wrote:
> > I've read a few videos on cookie security and it makes sense that people can
> > modify cookie values which is a problem I'm trying to figure out to *try*
> > and prevent. What I'll first do is at the top of the page that validates if
> > the cookie values is in the database, but what my next problem is they'd use
> > usernames in the database as the vaues. Are there any preventable measures
> > to prevent cookie forging or what not.
> >
> > Thanks.
> >
> >   
> 
Yeah, sessions are the way to go with this. They are (more often than
not) just special cookies themselves, and the only bit of information
stored is the session id in the cookie, and the rest is stored in server
memory (or sometimes a text file on the server.) The chances of someone
forging this is much less, and if you use sessions with https then this
is reduced much more, but at the end of the day, nothing is foolproof...


Ash
www.ashleysheridan.co.uk


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux