[SOLVED] Cookies && sessions

[DEVILofDARKNESS]

Hi, I know there is a possible way to change the value of a cookie with help of javascript, so it is quit insecure for what I want to use it,

 

my question is , is this also possible with session?

Or are they save enough to use them for holding values?

[jackpf]

Sessions are stored on the server, js has no way of accessing them.

 

With the right security measures, cookies can be just as secure as sessions. Infact more so, as you can't get people hijacking cookies, plus no one can access another person's stored data by accessing the file which the session data is stored in.

[DEVILofDARKNESS]

Alright, you can't hijack the cookies from someone else,

but if you send with a cookie: points: 5,

the person can change that value in 999 if he wants to!

Okay, not if the integer is encrypted ofcourse

[jackpf]

Well, yeah, but if you check how many points they have against the database each time you request that cookie, if they're different, just kick them off.

[DEVILofDARKNESS]

Why would you still use cookies if U check every time your database .

Nevertheless, I know what I had to know Thanks

[jackpf]

Reduce server load, more secure. But yeah, cool.

[DEVILofDARKNESS]

*Felicitations with your 1000 Post

[jackpf]

Lol yeah, I need a life

[DEVILofDARKNESS]

I just see your almost the same age!, and your so much better =D

[jackpf]

Ahh I like computers. I have a job as a technician at my school, I get quite a bit of experience. And I don't really get out much