[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

sessions

Posted on 2004-09-18
5
Medium Priority
?
231 Views
Last Modified: 2006-11-17
I see scripts that seem to try and store session data and put it in the db.  or make functions just for sessions(that do what i dont know).  what is wrong with just using session_start() at the top of every page in your script then using session_destroy() at the logoff page?
0
Comment
Question by:chilled2003
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 49

Expert Comment

by:Roonaan
ID: 12090913
If you are on a shared server it might be so that the session files are stored accessable to other users. Typically you don't want that. People write custom session handler to be sure things are secured. They set up a database an call some custom session handling functions to let Php know they are using custom sessionhandling. It's all about security.
0
 

Author Comment

by:chilled2003
ID: 12090979
do they do something like encrypt the url session id or something?
0
 
LVL 49

Accepted Solution

by:
Roonaan earned 200 total points
ID: 12090990
Sometimes they do, but I intended to say they encrypt their session data.

On many servers there is something like just one directory where all the session textfiles are stored. Sometimes multiple websites store their sessions into the same directory. As a website manager you don't want other websites to read your sessions, just because they can access you plain text files. Therefor you encrypt your data so that even when they get to your files they cannot do harm in any way because everything is encrypted.

As a extra security item some website bind their sessions to the users IP-address or webbrowser, so that the session becomes invalid when it is called with a different ip or a different webbrowser.
0
 

Author Comment

by:chilled2003
ID: 12090998
cool.  thanks! :D
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question