Solved

Sessions

Posted on 2006-11-04
6
202 Views
Last Modified: 2008-03-06
Is there any problem with using sessions on a local network instead of internet? For example: If i have a computer(server) connected to around 100 computers through a just a local network(not internet).
0
Comment
Question by:madman77450
  • 3
  • 2
6 Comments
 
LVL 19

Expert Comment

by:VoteyDisciple
ID: 17874302
The only concern that springs to mind is that if all users of the system have access to the directory where session files are stored, you introduce the risk that somebody could take over somebody else's session.  That's easy to prevent with proper permissions on the server, it's just something to keep in mind in that type of environment.

As far as the server itself is concerned, it has no idea whether you're on the internet or on a LAN; it just answers requests the same to everybody.
0
 
LVL 14

Expert Comment

by:Aamir Saeed
ID: 17874432
On SOME computers(LAN/Networks) where the user priviledges are restricted, php-session may act strange.
0
 
LVL 16

Accepted Solution

by:
ellandrd earned 160 total points
ID: 17875957
>>Is there any problem with using sessions on a local network instead of internet?

No - there is no issues or reported bugs to suggest a problem.  they should work fine.  I suspect that your PHP isnt configured correctly and this is why your sessions are working proper.

however, if you register a session on computer X, it will not be registered or available to use or view on computer Y.  each registered session is unique to each computer.

>>The only concern that springs to mind is that if all users of the system have access to the directory where session files are stored, you introduce the risk that somebody could take over somebody else's session

not in my life time, have i seem this happen!  i have developed a lot of web applications - custom build for large networks (e.g intranets) where 150+ users use each day and never has my session(s) get lost or mixed up with somebody else's session...  and all my sessions are stored in same directory on server...

>>That's easy to prevent with proper permissions on the server, it's just something to keep in mind in that type of environment.

I do agree with this statement.  PHP has to be configured correctly with the right permissions on the server running it

However session can expire when unactive for a period of time...but if you explain more what the issue is exactly, we can assist you more with a better answer.

Ellandrd
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 16

Expert Comment

by:ellandrd
ID: 17875961
0
 
LVL 19

Expert Comment

by:VoteyDisciple
ID: 17876218
Sorry, I wasn't clear with that statement.  There definitely isn't a concern about PHP losing track of who has which session.  Without deliberate interference, PHP will never mix up two sessions.

The concern I was bringing up is of a user on the system deliberately accessing the session files, and using that information to deliberately hijack somebody else's session.  That is absolutely possible if permissions are incorrectly set.  A lot of the time the web server is accessible by a limited group of people, so permissions on session files aren't of any concern; in an environment where ordinary users have access to the server this suddenly becomes a very real concern.

Again, as I said, if the permissions are set such that regular users cannot access the session files, then this poses no risk at all.  It's just something to watch out for.
0
 
LVL 16

Expert Comment

by:ellandrd
ID: 17876621
thanks for the points and grade

ellandrd
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

This article discusses how to create an extensible mechanism for linked drop downs.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now