Solved

sessions

Posted on 2004-09-18
5
216 Views
Last Modified: 2006-11-17
I see scripts that seem to try and store session data and put it in the db.  or make functions just for sessions(that do what i dont know).  what is wrong with just using session_start() at the top of every page in your script then using session_destroy() at the logoff page?
0
Comment
Question by:chilled2003
  • 3
  • 2
5 Comments
 
LVL 49

Expert Comment

by:Roonaan
ID: 12090913
If you are on a shared server it might be so that the session files are stored accessable to other users. Typically you don't want that. People write custom session handler to be sure things are secured. They set up a database an call some custom session handling functions to let Php know they are using custom sessionhandling. It's all about security.
0
 

Author Comment

by:chilled2003
ID: 12090979
do they do something like encrypt the url session id or something?
0
 
LVL 49

Accepted Solution

by:
Roonaan earned 50 total points
ID: 12090990
Sometimes they do, but I intended to say they encrypt their session data.

On many servers there is something like just one directory where all the session textfiles are stored. Sometimes multiple websites store their sessions into the same directory. As a website manager you don't want other websites to read your sessions, just because they can access you plain text files. Therefor you encrypt your data so that even when they get to your files they cannot do harm in any way because everything is encrypted.

As a extra security item some website bind their sessions to the users IP-address or webbrowser, so that the session becomes invalid when it is called with a different ip or a different webbrowser.
0
 

Author Comment

by:chilled2003
ID: 12090998
cool.  thanks! :D
0
 

Author Comment

by:chilled2003
ID: 12091003
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question