spfoonnewb Posted January 27, 2007

I have a login script that uses sessions and cookies. All the session will contain is the username of the user and the password they are using (encrypted). Each page behind that is using that session username and password, and testing it against the database before doing anything. If it doesn't match the database, i.e. it has been edited, it redirects to the login page to fix the session.

Right now I am forcing cookies. Do you think that allowing PHPSID's would be a security vulnerability?

[code]
<?php
// Set a test cookie; it only comes back on the next request.
SetCookie("COOKIE", "TEST");
// $COOKIE is only populated when register_globals is enabled.
if ($COOKIE == "TEST") {
    // Cookie came back: the browser accepts cookies.
} else {
    header("location:cookies.php");
}
?>
[/code]

chriscloyd Posted January 27, 2007

Wouldn't it be $_COOKIE['cookie']?

spfoonnewb Posted January 27, 2007

Dunno, but that works fine. I am wondering about the security of not forcing cookies.

Orio Posted January 27, 2007

Read:
http://www.sitepoint.com/blogs/2004/03/03/notes-on-php-session-security/
http://phpsec.org/projects/guide/4.html

Orio.
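
On the question of cookies versus session IDs carried in the URL: the following is an added example, not code from any poster in this thread, of a session bootstrap that keeps the ID out of URLs and replaces it at login. It assumes PHP 7.3 or later and a site served over HTTPS; the function names and `login.php` are hypothetical.

```php
<?php
// Added example. start_cookie_only_session(), mark_logged_in() and
// require_login() are hypothetical names, not part of the original script.

function start_cookie_only_session(): void
{
    // Never accept or emit the session ID in a URL (no ?PHPSESSID=...),
    // so it cannot leak through links, Referer headers or shared bookmarks.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse session IDs that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,       // session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => true,    // assumption: the site is served over HTTPS
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function mark_logged_in(string $username): void
{
    // Issue a new ID at the privilege change and delete the old session,
    // so an ID planted or leaked before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
}

function require_login(string $loginUrl = 'login.php'): string
{
    // Call at the top of every protected page.
    if (empty($_SESSION['username'])) {
        header('Location: ' . $loginUrl);
        exit;
    }
    return $_SESSION['username'];
}

start_cookie_only_session();
```

Call `mark_logged_in()` only after the submitted credentials have been verified against the database.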