ridiculous Posted March 24, 2007
Does it matter how and where they're stored? I was reading through this tutorial and I came across a discussion on where sessions are stored. I was under the impression that this wasn't something I had to worry about... http://www.brainbell.com/tutorials/php/Where_To_Store_The_Sessions.htm

cmgmyr Posted March 24, 2007
It's really up to you, you can also store them in a database...

ridiculous Posted March 24, 2007
Another question: What happens when your site uses sessions to allow users access to certain pages but they've disabled cookies? I see this site, for instance, has the session number stored in the address bar. Is there a more clandestine way to handle such a situation?

ridiculous Posted March 24, 2007
I see this in the PHP manual (http://www.php.net/manual/en/ref.session.php):
"A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL."
Doesn't sending the session id through the address bar pose a security risk? Should and CAN this be encrypted with mcrypt?

fert Posted March 24, 2007
"Doesn't sending the session id through the address bar pose a security risk?"
No, because the sessions are usually stored outside of the web root directory.

wildteen88 Posted March 24, 2007
It could cause a session hijack. However, the person that hijacks your session has to be in the same room as you. Also, the session id is already encrypted. I believe by default it uses a random md5 hash for the session name.

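On the question above about the session id appearing in the address bar, an added example that is not part of the original thread: a session setup that keeps the ID in a cookie only, stores session files outside the web root, and issues a fresh ID at login. It assumes PHP 7.3 or later; the function names and the save path are hypothetical.

```php
<?php
// Added example, not code from the thread.
// start_hardened_session(), on_login() and the save path are hypothetical names.

function start_hardened_session(): void
{
    // Never accept or emit the session ID in the URL (no ?PHPSESSID=...),
    // so it cannot end up in Referer headers, server logs or shared links.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');

    // Refuse session IDs that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    // Keep session files outside the web root, readable only by the PHP user.
    // Assumed path; the directory must already exist.
    session_save_path('/var/lib/php/app-sessions');

    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);

    session_start();
}

function on_login(int $userId): void
{
    // New ID at the privilege change; true deletes the old session data.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

// On a protected page:
start_hardened_session();

if (!isset($_SESSION['user_id'])) {
    // A visitor with cookies disabled gets a new, empty session on every
    // request, so they land here instead of receiving an ID in the URL.
    http_response_code(401);
    exit('Sign-in requires cookies to be enabled.');
}
```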