Solved

Sessions

Posted on 2006-11-04
6
208 Views
Last Modified: 2008-03-06
Is there any problem with using sessions on a local network instead of internet? For example: If i have a computer(server) connected to around 100 computers through a just a local network(not internet).
0
Comment
Question by:madman77450
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 19

Expert Comment

by:VoteyDisciple
ID: 17874302
The only concern that springs to mind is that if all users of the system have access to the directory where session files are stored, you introduce the risk that somebody could take over somebody else's session.  That's easy to prevent with proper permissions on the server, it's just something to keep in mind in that type of environment.

As far as the server itself is concerned, it has no idea whether you're on the internet or on a LAN; it just answers requests the same to everybody.
0
 
LVL 14

Expert Comment

by:Aamir Saeed
ID: 17874432
On SOME computers(LAN/Networks) where the user priviledges are restricted, php-session may act strange.
0
 
LVL 16

Accepted Solution

by:
ellandrd earned 160 total points
ID: 17875957
>>Is there any problem with using sessions on a local network instead of internet?

No - there is no issues or reported bugs to suggest a problem.  they should work fine.  I suspect that your PHP isnt configured correctly and this is why your sessions are working proper.

however, if you register a session on computer X, it will not be registered or available to use or view on computer Y.  each registered session is unique to each computer.

>>The only concern that springs to mind is that if all users of the system have access to the directory where session files are stored, you introduce the risk that somebody could take over somebody else's session

not in my life time, have i seem this happen!  i have developed a lot of web applications - custom build for large networks (e.g intranets) where 150+ users use each day and never has my session(s) get lost or mixed up with somebody else's session...  and all my sessions are stored in same directory on server...

>>That's easy to prevent with proper permissions on the server, it's just something to keep in mind in that type of environment.

I do agree with this statement.  PHP has to be configured correctly with the right permissions on the server running it

However session can expire when unactive for a period of time...but if you explain more what the issue is exactly, we can assist you more with a better answer.

Ellandrd
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 16

Expert Comment

by:ellandrd
ID: 17875961
0
 
LVL 19

Expert Comment

by:VoteyDisciple
ID: 17876218
Sorry, I wasn't clear with that statement.  There definitely isn't a concern about PHP losing track of who has which session.  Without deliberate interference, PHP will never mix up two sessions.

The concern I was bringing up is of a user on the system deliberately accessing the session files, and using that information to deliberately hijack somebody else's session.  That is absolutely possible if permissions are incorrectly set.  A lot of the time the web server is accessible by a limited group of people, so permissions on session files aren't of any concern; in an environment where ordinary users have access to the server this suddenly becomes a very real concern.

Again, as I said, if the permissions are set such that regular users cannot access the session files, then this poses no risk at all.  It's just something to watch out for.
0
 
LVL 16

Expert Comment

by:ellandrd
ID: 17876621
thanks for the points and grade

ellandrd
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question