dragunu Posted May 25, 2007 Share Posted May 25, 2007 hello , I was just wondering, is it possible for a third party to manipulate your Session variables while ure in a session? I know that you SID can be hijacked thru header modification if someone knows ur session ID, therefore that is counteracted by regenerating session id's, but i am wondering if the actual session variables can be manipulated or not. I think that they cannot since they are set on the server itself but still i wanted some reassurance:) thanks william Link to comment https://forums.phpfreaks.com/topic/52946-solved-a-small-concern-on-session-variables/ Share on other sites More sharing options...
MadTechie Posted May 25, 2007 Share Posted May 25, 2007 only via the server.. so not direct from the user.. UNLESS the sessions are stored in the tmp folder resideing in the webshared folder! Link to comment https://forums.phpfreaks.com/topic/52946-solved-a-small-concern-on-session-variables/#findComment-261457 Share on other sites More sharing options...
dragunu Posted May 25, 2007 Author Share Posted May 25, 2007 only via the server.. so not direct from the user.. UNLESS the sessions are stored in the tmp folder resideing in the webshared folder! i see so to stay safe is to set the session save path in your home directory. Link to comment https://forums.phpfreaks.com/topic/52946-solved-a-small-concern-on-session-variables/#findComment-261460 Share on other sites More sharing options...
MadTechie Posted May 25, 2007 Share Posted May 25, 2007 providing it can't be accessed remotely Link to comment https://forums.phpfreaks.com/topic/52946-solved-a-small-concern-on-session-variables/#findComment-261466 Share on other sites More sharing options...
dragunu Posted May 25, 2007 Author Share Posted May 25, 2007 providing it can't be accessed remotely cheers Link to comment https://forums.phpfreaks.com/topic/52946-solved-a-small-concern-on-session-variables/#findComment-261469 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.