Link to home
Start Free TrialLog in
Avatar of JKNA_Chaps
JKNA_Chaps

asked on

Securing Php Sessions Without Relying on Cookies

Hi,

I am fairly new at php programming so please bear this in mind!

I have created a website in php that uses standard session code that if cookies are not enabled tags the session to the url. The problem that this presents is that if a logged in user sends the url to another user - with the tagged session attached to the url, the new user will have access to the users session  - and therefore be able to access the users profile etc. The only way I can fix this is stopping the session being carried in the url.  Users therefore have to have cookies enabled to use the site (login) - not entirely desirable.

Is there a secure way to pass the session data between pages without running the risk of users giving away their session data.

Thanks

JKNA_Chaps
ASKER CERTIFIED SOLUTION
Avatar of Asta Cu
Asta Cu
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Meant to include this synopsis from the above link....  Session support is enabled in PHP by default. If you would not like to build your PHP with session support, you should specify the --disable-session option to configure.

Thank you, I'm pleased to have been of some help to you.  Hopefully the next time we meet, I can provide you with what you deem to be "A" level support.
":0)
Asta