Solved

Sessions

Posted on 2006-11-04
6
205 Views
Last Modified: 2008-03-06
Is there any problem with using sessions on a local network instead of internet? For example: If i have a computer(server) connected to around 100 computers through a just a local network(not internet).
0
Comment
Question by:madman77450
  • 3
  • 2
6 Comments
 
LVL 19

Expert Comment

by:VoteyDisciple
ID: 17874302
The only concern that springs to mind is that if all users of the system have access to the directory where session files are stored, you introduce the risk that somebody could take over somebody else's session.  That's easy to prevent with proper permissions on the server, it's just something to keep in mind in that type of environment.

As far as the server itself is concerned, it has no idea whether you're on the internet or on a LAN; it just answers requests the same to everybody.
0
 
LVL 14

Expert Comment

by:Aamir Saeed
ID: 17874432
On SOME computers(LAN/Networks) where the user priviledges are restricted, php-session may act strange.
0
 
LVL 16

Accepted Solution

by:
ellandrd earned 160 total points
ID: 17875957
>>Is there any problem with using sessions on a local network instead of internet?

No - there is no issues or reported bugs to suggest a problem.  they should work fine.  I suspect that your PHP isnt configured correctly and this is why your sessions are working proper.

however, if you register a session on computer X, it will not be registered or available to use or view on computer Y.  each registered session is unique to each computer.

>>The only concern that springs to mind is that if all users of the system have access to the directory where session files are stored, you introduce the risk that somebody could take over somebody else's session

not in my life time, have i seem this happen!  i have developed a lot of web applications - custom build for large networks (e.g intranets) where 150+ users use each day and never has my session(s) get lost or mixed up with somebody else's session...  and all my sessions are stored in same directory on server...

>>That's easy to prevent with proper permissions on the server, it's just something to keep in mind in that type of environment.

I do agree with this statement.  PHP has to be configured correctly with the right permissions on the server running it

However session can expire when unactive for a period of time...but if you explain more what the issue is exactly, we can assist you more with a better answer.

Ellandrd
0
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

 
LVL 16

Expert Comment

by:ellandrd
ID: 17875961
0
 
LVL 19

Expert Comment

by:VoteyDisciple
ID: 17876218
Sorry, I wasn't clear with that statement.  There definitely isn't a concern about PHP losing track of who has which session.  Without deliberate interference, PHP will never mix up two sessions.

The concern I was bringing up is of a user on the system deliberately accessing the session files, and using that information to deliberately hijack somebody else's session.  That is absolutely possible if permissions are incorrectly set.  A lot of the time the web server is accessible by a limited group of people, so permissions on session files aren't of any concern; in an environment where ordinary users have access to the server this suddenly becomes a very real concern.

Again, as I said, if the permissions are set such that regular users cannot access the session files, then this poses no risk at all.  It's just something to watch out for.
0
 
LVL 16

Expert Comment

by:ellandrd
ID: 17876621
thanks for the points and grade

ellandrd
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
mysqli_query() expects parameter 1 to be msqli, string given in 4 64
Cpanel file manager 8 41
Is there a simpler dropbox system? 10 34
Help with PHP 13 27
This article will explain how to display the first page of your Microsoft Word documents (e.g. .doc, .docx, etc...) as images in a web page programatically. I have scoured the web on a way to do this unsuccessfully. The goal is to produce something …
Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question