Solved

Sessions

Posted on 2006-11-04
6
206 Views
Last Modified: 2008-03-06
Is there any problem with using sessions on a local network instead of internet? For example: If i have a computer(server) connected to around 100 computers through a just a local network(not internet).
0
Comment
Question by:madman77450
  • 3
  • 2
6 Comments
 
LVL 19

Expert Comment

by:VoteyDisciple
ID: 17874302
The only concern that springs to mind is that if all users of the system have access to the directory where session files are stored, you introduce the risk that somebody could take over somebody else's session.  That's easy to prevent with proper permissions on the server, it's just something to keep in mind in that type of environment.

As far as the server itself is concerned, it has no idea whether you're on the internet or on a LAN; it just answers requests the same to everybody.
0
 
LVL 14

Expert Comment

by:Aamir Saeed
ID: 17874432
On SOME computers(LAN/Networks) where the user priviledges are restricted, php-session may act strange.
0
 
LVL 16

Accepted Solution

by:
ellandrd earned 160 total points
ID: 17875957
>>Is there any problem with using sessions on a local network instead of internet?

No - there is no issues or reported bugs to suggest a problem.  they should work fine.  I suspect that your PHP isnt configured correctly and this is why your sessions are working proper.

however, if you register a session on computer X, it will not be registered or available to use or view on computer Y.  each registered session is unique to each computer.

>>The only concern that springs to mind is that if all users of the system have access to the directory where session files are stored, you introduce the risk that somebody could take over somebody else's session

not in my life time, have i seem this happen!  i have developed a lot of web applications - custom build for large networks (e.g intranets) where 150+ users use each day and never has my session(s) get lost or mixed up with somebody else's session...  and all my sessions are stored in same directory on server...

>>That's easy to prevent with proper permissions on the server, it's just something to keep in mind in that type of environment.

I do agree with this statement.  PHP has to be configured correctly with the right permissions on the server running it

However session can expire when unactive for a period of time...but if you explain more what the issue is exactly, we can assist you more with a better answer.

Ellandrd
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 16

Expert Comment

by:ellandrd
ID: 17875961
0
 
LVL 19

Expert Comment

by:VoteyDisciple
ID: 17876218
Sorry, I wasn't clear with that statement.  There definitely isn't a concern about PHP losing track of who has which session.  Without deliberate interference, PHP will never mix up two sessions.

The concern I was bringing up is of a user on the system deliberately accessing the session files, and using that information to deliberately hijack somebody else's session.  That is absolutely possible if permissions are incorrectly set.  A lot of the time the web server is accessible by a limited group of people, so permissions on session files aren't of any concern; in an environment where ordinary users have access to the server this suddenly becomes a very real concern.

Again, as I said, if the permissions are set such that regular users cannot access the session files, then this poses no risk at all.  It's just something to watch out for.
0
 
LVL 16

Expert Comment

by:ellandrd
ID: 17876621
thanks for the points and grade

ellandrd
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Wordpress Security 29 71
What is this? I've never seen this... 2 28
How Close unsubmited attempts 10 42
Why is my $_POST not going to results page 10 32
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question