dragunu Posted May 25, 2007 Share Posted May 25, 2007 hello , I was just wondering, is it possible for a third party to manipulate your Session variables while ure in a session? I know that you SID can be hijacked thru header modification if someone knows ur session ID, therefore that is counteracted by regenerating session id's, but i am wondering if the actual session variables can be manipulated or not. I think that they cannot since they are set on the server itself but still i wanted some reassurance:) thanks william Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 25, 2007 Share Posted May 25, 2007 only via the server.. so not direct from the user.. UNLESS the sessions are stored in the tmp folder resideing in the webshared folder! Quote Link to comment Share on other sites More sharing options...
dragunu Posted May 25, 2007 Author Share Posted May 25, 2007 only via the server.. so not direct from the user.. UNLESS the sessions are stored in the tmp folder resideing in the webshared folder! i see so to stay safe is to set the session save path in your home directory. Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 25, 2007 Share Posted May 25, 2007 providing it can't be accessed remotely Quote Link to comment Share on other sites More sharing options...
dragunu Posted May 25, 2007 Author Share Posted May 25, 2007 providing it can't be accessed remotely cheers Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.