Securing Php Sessions Without Relying on Cookies

Posted on 2004-04-06
Last Modified: 2011-09-20
Hi,

I am fairly new at php programming so please bear this in mind!

I have created a website in PHP that uses standard session code that, if cookies are not enabled, tags the session to the URL. The problem that this presents is that if a logged-in user sends the URL to another user - with the tagged session attached to the URL - the new user will have access to the user's session and therefore be able to access the user's profile etc. The only way I can fix this is stopping the session being carried in the URL. Users therefore have to have cookies enabled to use the site (login) - not entirely desirable.

Is there a secure way to pass the session data between pages without running the risk of users giving away their session data?

Thanks

JKNA_Chaps
Question by:JKNA_Chaps

Accepted Solution

by:
Asta Cu earned 375 total points
ID: 10765565
Have you searched our database here in the PHP Topic Area specifically to see if this has already been solved?

Does this rather interesting workaround to session cookies help you at all?

The following describes the easiest way I have found to force users to log into an ASP.NET website for each session but not require them to accept cookies. You must do the following things.

Create a Web.config file with the appropriate entries to allow session state management.
Create a well formed Global.asax file with the code below included in it.
Create a login page to authenticate users against a database or whatever method you desire.
More here.
http://www.codeproject.com/aspnet/NoCookieSessionLogin.asp

----

Session cookies are deleted when browser is closed, but while in session, the problem you see if left logged in.

----

I also found the following article enlightening in researching your question, and hope it adds value for you as well:
Note: Session handling was added in PHP 4.0.

Sessions and security and much more here:
http://www.phpfreaks.com/phpmanual/page/ref.session.html

Expert Comment

by:Asta Cu
ID: 10765577
Meant to include this synopsis from the above link....  Session support is enabled in PHP by default. If you would not like to build your PHP with session support, you should specify the --disable-session option to configure.


Expert Comment

by:Asta Cu
ID: 10774623
Thank you, I'm pleased to have been of some help to you.  Hopefully the next time we meet, I can provide you with what you deem to be "A" level support.
":0)
Asta
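
One partial mitigation for the problem described in the question, as an added example that is not code from this thread: when PHP carries the session ID in the URL, record a coarse client fingerprint at login and give any request that presents the ID from a different client a fresh, empty session. The function names, the `fp` session key and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Names and the 'fp' key are hypothetical.

// Coarse fingerprint: User-Agent plus the first three octets of an IPv4
// address (an IPv6 address contains no dots and is used whole).
function client_fingerprint(array $server): string
{
    $ua  = $server['HTTP_USER_AGENT'] ?? '';
    $ip  = $server['REMOTE_ADDR'] ?? '';
    $net = implode('.', array_slice(explode('.', $ip), 0, 3));
    return hash('sha256', $ua . '|' . $net);
}

// True when the session was bound at login and this request comes from
// a client with a different fingerprint.
function session_is_foreign(array $session, array $server): bool
{
    return isset($session['fp'])
        && !hash_equals($session['fp'], client_fingerprint($server));
}

// Call at the top of every page in place of session_start().
function start_bound_session(): void
{
    ini_set('session.use_only_cookies', '0'); // accept an ID carried in the URL
    ini_set('session.use_trans_sid', '1');    // let PHP append the ID to links
    session_start();
    if (session_is_foreign($_SESSION, $_SERVER)) {
        session_regenerate_id(false); // visitor gets a new ID; owner's data stays under the old one
        $_SESSION = [];               // the new session starts empty (logged out)
    }
}

// Call once the password check has succeeded.
function bind_session_at_login(string $user): void
{
    session_regenerate_id(true); // fresh ID at login, old one is deleted
    $_SESSION['user'] = $user;
    $_SESSION['fp']   = client_fingerprint($_SERVER);
}

// Constructed sample requests; runs from the command line without a web server.
if (PHP_SAPI === 'cli') {
    $owner   = ['HTTP_USER_AGENT' => 'Browser-A', 'REMOTE_ADDR' => '192.0.2.10'];
    $visitor = ['HTTP_USER_AGENT' => 'Browser-B', 'REMOTE_ADDR' => '198.51.100.7'];
    $session = ['user' => 'alice', 'fp' => client_fingerprint($owner)];
    var_dump(session_is_foreign($session, $owner));
    var_dump(session_is_foreign($session, $visitor));
}
```

Two people running the same browser build on the same network produce the same fingerprint, and a URL-carried ID is also sent to other sites in the Referer header, so this narrows the exposure rather than removing it. PHP 8.4 deprecates `session.use_trans_sid=1` and `session.use_only_cookies=0`, which leaves cookie-only sessions as the supported configuration.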