• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 236
  • Last Modified:

sessions

I see scripts that seem to try and store session data and put it in the db.  or make functions just for sessions(that do what i dont know).  what is wrong with just using session_start() at the top of every page in your script then using session_destroy() at the logoff page?
0
chilled2003
Asked:
chilled2003
  • 3
  • 2
1 Solution
 
RoonaanCommented:
If you are on a shared server it might be so that the session files are stored accessable to other users. Typically you don't want that. People write custom session handler to be sure things are secured. They set up a database an call some custom session handling functions to let Php know they are using custom sessionhandling. It's all about security.
0
 
chilled2003Author Commented:
do they do something like encrypt the url session id or something?
0
 
RoonaanCommented:
Sometimes they do, but I intended to say they encrypt their session data.

On many servers there is something like just one directory where all the session textfiles are stored. Sometimes multiple websites store their sessions into the same directory. As a website manager you don't want other websites to read your sessions, just because they can access you plain text files. Therefor you encrypt your data so that even when they get to your files they cannot do harm in any way because everything is encrypted.

As a extra security item some website bind their sessions to the users IP-address or webbrowser, so that the session becomes invalid when it is called with a different ip or a different webbrowser.
0
 
chilled2003Author Commented:
cool.  thanks! :D
0
 
chilled2003Author Commented:
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now