Server side $_SESSION


Dorky

You need a session id to be propagated as part of the HTTP request in order to match that request with the correct session data. The session id either comes from a cookie or as a GET parameter as part of the URL.

how does one keep the session completely server side.
There is no such thing.
Link to comment

That would explain why I can't find anything about it. I did find this http://www.herongyang.com/PHP/session_3.html very informative. Well, I suppose some trickery to keep it safe using POST could be performed, but this project doesn't pay enough for all of that. Thx again guys. Very helpful. I must say the custom captcha was easier than figuring out that when they say server side session it's only half the truth.

how does one keep the session completely server side.
There is no such thing.

Link to comment

Hey, I gtg to bed now so I must be quick.

I avoid cookies and sessions; I use a session key embedded in the URL for everything. That way it's in the GET array and you can use some sort of tag, [SESSION_KEY] for example, and replace at the end of the file.

I replaced all my echos with a function called "output", then processed the result, then echoed it.

Session keys also mean the user feels a lot more secure, as there are no active means of tracking them present.

Link to comment

Hey, I gtg to bed now so I must be quick.

I avoid cookies and sessions; I use a session key embedded in the URL for everything. That way it's in the GET array and you can use some sort of tag, [SESSION_KEY] for example, and replace at the end of the file.

I replaced all my echos with a function called "output", then processed the result, then echoed it.

Session keys also mean the user feels a lot more secure, as there are no active means of tracking them present.

This post is full of erroneous information. Sessions and cookies are just as secure using proper anti-session fixation techniques. Daniel0 posted some information regarding session security a while back.

To say that the user feels more secure is naive. You don't know the opinion of all of your users, and it is rare to see professional, multi-million dollar companies employing your suggested technique of passing the SESSID via the URL.

Link to comment
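
The cookie-only propagation and anti-session-fixation measures discussed in this thread, as an added example that is not part of any post above. It assumes PHP 7.3 or later and a site served over HTTPS; `login_user()` and `logout_user()` are hypothetical helper names.

```php
<?php
// Added example, not code from the thread. Run before any output is sent.

ini_set('session.use_only_cookies', '1'); // never accept a session id from the URL
ini_set('session.use_trans_sid', '0');    // never rewrite links to carry the id
ini_set('session.use_strict_mode', '1');  // reject ids the server did not issue

session_set_cookie_params([
    'lifetime' => 0,      // cookie ends with the browser session
    'path'     => '/',
    'secure'   => true,   // assumption: HTTPS only
    'httponly' => true,   // not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();

// Hypothetical helper: $credentialsOk is the result of the
// application's own password check.
function login_user(int $userId, bool $credentialsOk): bool
{
    if (!$credentialsOk) {
        return false;
    }
    // Issue a fresh id at the privilege change; `true` deletes the old
    // session data, so an id fixed before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    return true;
}

// Hypothetical helper: clear the data, expire the cookie, destroy the session.
function logout_user(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}
```

With these settings the id still travels with every request, as the first reply explains, but only in a cookie, so it does not end up in browser history, server logs or Referer headers the way a URL parameter does.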

No, I believe the x dude is right. That is why I said trickery, because much of it would be required to make it secure. It would require multiple flat file entries in combination with a POST or GET to make this happen, and with multiple users doing this all at once it could cause some untold issues as well. It is never good to advise someone to do something that could be a security risk, and I decided on session for this because of security. Although I'm not happy about the HTTP engineering that makes total server side sessions impossible, I must live with it because it is the most secure, therefore the right thing to do.

My experience and my opinion; you are entitled to your own.

Link to comment