chmpdog Posted February 17, 2009

Hi,

On my site I hold some pretty valuable data in $_sessions. Is this a bad idea, and what can I do about it?

premiso Posted February 17, 2009

Depends on what type of valuable data. It is safer than storing it as a cookie, but if it is very valuable you may be better off re-querying it when you need to.

haku Posted February 17, 2009

For the most part sessions are safe, though they can be hacked in various ways. One problem is shared hosts - usually all accounts on the host will use the same folder for sessions, and some sites have been hacked that way. Another is spoofing of session IDs. But hacking sessions is not particularly easy.

If you can help it, don't pull sensitive data out of your database. For example, many people, when designing login scripts, pull out the password and compare it to the entered password using PHP. But it's better to just search for the username/password combination in the database, and see if there are any results.

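
An added example, not part of the original thread: one way to address the shared session folder and session ID spoofing mentioned above, while keeping only a user id in `$_SESSION` so valuable data is re-queried when needed. The directory path and the function names are hypothetical, and the array form of `session_set_cookie_params()` assumes PHP 7.3 or later.

```php
<?php
// Added example. Assumption: a per-account directory outside the web root.
$sessionDir = '/home/exampleuser/private/sessions'; // hypothetical path

function start_hardened_session(string $dir): void
{
    // Private store, so session files do not sit in a folder shared with
    // other accounts on the same host.
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException('cannot create session directory');
    }
    chmod($dir, 0700);
    session_save_path($dir);

    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept the ID from a URL
    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function on_login(int $userId): void
{
    // Issue a fresh ID at the privilege change and delete the old session file.
    session_regenerate_id(true);
    // Keep only an identifier; look up valuable data from the database per request.
    $_SESSION = ['uid' => $userId, 'created' => time()];
}

function current_user_id(int $maxAge = 1800): ?int
{
    if (!isset($_SESSION['uid'], $_SESSION['created'])) {
        return null;
    }
    if (time() - $_SESSION['created'] > $maxAge) { // expire stale sessions
        $_SESSION = [];
        session_destroy();
        return null;
    }
    return $_SESSION['uid'];
}

// Usage: start_hardened_session($sessionDir) at the top of each request,
// on_login($id) once credentials have been verified.
```
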
Archived
This topic is now archived and is closed to further replies.