	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

Question

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

8.7

php session security question

Asked by exxos_uk in PHP for Windows

After even more reading on sessions, what exactly can a user do if they get the session ID ? It is easy to do in FireBug, but does this mean they can read the session variables ? as far as I can tell the session information is encrypted ? Is there anyway to obtain session variables if someone has the session ID ? Would have thought it would be impossible for that to happen though I am not so sure anymore!

I think if I had a page which uses sessions and a simple example it just had 1 session variable called "count" that each time someone visited that page the count number would go up. So if someone got the session ID, they could in effect make the counter go up aswell ? but as far as I know, that couldn't actually know the variable was called "count" but they could maybe increase the count variable by hijacking session ID's ?

Get your answer NOW

20091111-EE-VQP-89 - Hierarchy / EE_QW_3_20080625

Hall of Fame

1. cxr199,146
2. Ray_Pas...190,049
3. shobinsun56,169
4. RQuadling52,200
5. angelIII41,328
6. bportlock41,297
7. gr8gonzo37,586
8. logudotcom35,473
9. gawai31,586
10. hielo31,450
11. Hube0230,325
12. wuff1uk25,375
13. racmail2...25,120
14. gamebits24,994
15. NerdsOfT...24,260
16. profya22,005
17. routinet21,600
18. fibo21,235
19. al3cs1219,700
20. BrianMM18,101
21. hernst4217,250
21. szewkam17,250
23. houssam...17,172
24. Michael70115,600
24. jet-black15,600
24. leakim97115,600

1. hernst42408,231
2. RQuadling370,702
3. Ray_Pas...291,043
4. hielo258,603
5. cxr226,531
6. angelIII149,945
7. logudotcom101,039
8. bportlock83,972
9. fibo79,852
10. nizsmo76,037
11. Roonaan74,638
12. glcummins74,482
13. nplib73,910
14. routinet67,575
15. techtonik62,233
16. steelseth1257,672
17. ldbkutty57,310
18. yodercm56,199
19. shobinsun56,169
20. gamebits54,069
21. Hube0252,425
22. TeRReF51,813
23. b0lsc0tt44,883
24. gawai39,661
25. gr8gonzo39,086

php session security question

Asked by exxos_uk in PHP for Windows

About this solution