Lodius2000, posted July 14, 2008:

So I know a little about sessions, but here's my question. If my page logic goes

    session_start();
    if ($_SESSION['user']) {
        // display page
    }

what is to stop someone from going to www.blah.com/index.php, where that page contains

    session_start();
    $_SESSION['user'] = "blah";

and then redirecting their browser to my page? Would that give them access to my sensitive pages? If no, why not, and if yes, what can I do to make my page more secure? Thanks.

unsider, posted July 14, 2008:

The session values are based on the server, not the browser. Try it: go register at some other site, and once the session values are set at that site (blah.com), go to your page and see if the session values carry over. They won't. Same thing goes for trying to use 2 separate windows; it just wouldn't work.
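
The behaviour described in the answer above, as a toy model added here for illustration (it is not code from either poster and does not use PHP's real session engine). The `Site` and `Browser` classes, the host `www.example.test`, and the choice to issue a fresh id for an unknown one are assumptions of the model.

```php
<?php
// Added illustration: two sites, one browser. Session DATA lives in each
// site's own server-side store; the browser only holds an id, per host.
final class Site
{
    public string $host;
    private array $store = []; // session id => session data (server side)

    public function __construct(string $host) { $this->host = $host; }

    // One request: $cookieSid is the id the browser sent (or null),
    // $writes is what the page assigns to $_SESSION. Returns [id, data].
    public function request(?string $cookieSid, array $writes = []): array
    {
        // Model assumption: an id this server never issued gets a fresh,
        // empty session. The server only ever reads from its own store.
        if ($cookieSid === null || !isset($this->store[$cookieSid])) {
            $cookieSid = bin2hex(random_bytes(16));
            $this->store[$cookieSid] = [];
        }
        $this->store[$cookieSid] = array_merge($this->store[$cookieSid], $writes);
        return [$cookieSid, $this->store[$cookieSid]];
    }
}

final class Browser
{
    private array $jar = []; // host => session id cookie

    public function visit(Site $site, array $writes = [], ?string $forcedSid = null): array
    {
        // A cookie is only sent back to the host that set it.
        $sid = $forcedSid ?? ($this->jar[$site->host] ?? null);
        [$sid, $session] = $site->request($sid, $writes);
        $this->jar[$site->host] = $sid;
        return [$sid, $session];
    }
}

$blah = new Site('www.blah.com');     // the other site from the question
$mine = new Site('www.example.test'); // constructed stand-in for "my page"
$browser = new Browser();

[$blahSid] = $browser->visit($blah, ['user' => 'blah']); // $_SESSION['user'] = "blah" on blah.com
[, $session] = $browser->visit($mine);                   // then browse to the protected page
echo 'normal visit sees user: ', var_export(!empty($session['user']), true), PHP_EOL;

[, $session] = $browser->visit($mine, [], $blahSid);     // hand the other site's id to my site
echo 'foreign id sees user:   ', var_export(!empty($session['user']), true), PHP_EOL;
```

Run it with the PHP command-line interpreter; both checks come back false because `'user'` was only ever written into blah.com's store.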

Lodius2000 (author), posted July 14, 2008:

Thanks, didn't know they were server-based; thought they were in the browser.

SOLVED
This topic is now archived and is closed to further replies.