chmpdog Posted February 17, 2009

Hi, On my site I hold some pretty valuable data in $_sessions. Is this a bad idea, and what can I do about it?
premiso Posted February 17, 2009

Depends on what type of valuable data. It is safer than storing it as a cookie, but if it is very valuable you may be better off re-querying it when you need to.
haku Posted February 17, 2009

For the most part sessions are safe, though they can be hacked in various ways. One problem is shared hosts - usually all accounts on the host will use the same folder for sessions, and some sites have been hacked that way. Another is spoofing of session IDs. But, hacking sessions is not particularly easy. If you can help it, don't pull sensitive data out of your database. For example, many people when designing login scripts pull out the password, and compare it to the entered password using PHP. But it's better to just search for the username password combination of the database, and see if there are any results.
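
Added example, not code from any poster in this thread: one way to act on the points raised above (a private session folder on a shared host, refusing session IDs the server did not issue, and re-querying valuable data instead of keeping it in the session). It assumes PHP 7.3 or later and a site served over HTTPS; the directory path, the function names and the `accounts` table with its columns are hypothetical.

```php
<?php
// Added example. APP_SESSION_DIR, the function names and the accounts
// table are hypothetical; adjust them to the application.

// Placeholder path: a directory outside the web root that only this
// account can read, instead of the host-wide session folder.
const APP_SESSION_DIR = '/home/example/private/sessions';

function start_hardened_session(): void
{
    if (!is_dir(APP_SESSION_DIR) && !mkdir(APP_SESSION_DIR, 0700, true)) {
        throw new RuntimeException('cannot create session directory');
    }
    session_save_path(APP_SESSION_DIR);

    ini_set('session.use_strict_mode', '1');  // reject IDs the server never issued
    ini_set('session.use_only_cookies', '1'); // never take the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // assumption: HTTPS only
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

function on_login(int $userId): void
{
    // Issue a fresh ID at the privilege change and delete the old session file.
    session_regenerate_id(true);
    // Keep only the lookup key in the session, not the valuable data itself.
    $_SESSION = ['user_id' => $userId];
}

function load_sensitive(PDO $db): ?array
{
    if (!isset($_SESSION['user_id'])) {
        return null; // not logged in
    }
    // Re-query the valuable fields each time they are needed.
    $stmt = $db->prepare('SELECT email, billing_ref FROM accounts WHERE id = ?');
    $stmt->execute([$_SESSION['user_id']]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}
```

If a session file is read by another account on the host, it then exposes only a user ID rather than the data itself.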