  1. #1
    SitePoint Zealot devscripts's Avatar
    Join Date
    Sep 2004
    Location
    ur monitor
    Posts
    175

    $_SESSION security

    OK guys, I wanna ask a simple question. Someone comes to my website and logs in, my script does blah blah and sets the $_SESSION['name'] for him. Till here it's good. Now say he goes to another website that also happens to have the same $_SESSION['name']; and their script also says something like if (isset($_SESSION['name'])) { blah blah } <<<< I'm sure by now you know what I'm asking.

    I read that sessions are stored in temp directories? Are they stored with a reference to the website? Can you please tell me where I can find my session, and how it gets destroyed once I close the browser?

    P.S. This is not a cookie question.

    Thank you. I await your views and answers.
    "None of you [truly] believes until he wishes for his brother what he wishes for himself." By The one and Only Prophet Mohammed (Peace and blessings be upon him)

  2. #2
    Sell crazy someplace else markl999's Avatar
    Join Date
    Aug 2003
    Location
    Manchester, UK
    Posts
    4,007
    You say it's not a cookie question but it is really. The session data is held, as you say, on the server side, and the session id is stored in a cookie on the client side. The client side cookie is domain specific, so if another site also uses $_SESSION['name'] then it won't matter. So the sessions on the server side don't have a reference to the website but they have a reference to the session id. If you want to find your session data on the server then just view the cookie on the server side and match its id with the sess_<id here> file on the server, usually held in /tmp (by default).
    If your session.cookie_lifetime is set to 0 (when the browser closes) then next time you start the browser and navigate to the site you'll get a new session id, so the old one will be destroyed.
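
An added example, not part of the original posts: a PHP page that shows the cookie/file pairing described in the reply above and keeps the session files in a directory private to one application, since the files themselves carry no reference to the website. It assumes PHP's default "files" save handler; the directory name and the 'alice' value are constructed for illustration.

```php
<?php
// Added example: inspect where PHP keeps the session discussed in this thread.
// Assumes the default "files" save handler. The directory name and the
// 'alice' value are constructed for illustration.

// Session files hold no reference to the site that created them, so on a
// shared host give each application its own directory instead of /tmp.
$dir = sys_get_temp_dir() . '/example_app_sessions';   // hypothetical path
if (!is_dir($dir)) {
    mkdir($dir, 0700, true);                           // owner-only access
}
session_save_path($dir);

// Lifetime 0: the browser discards the session cookie when it closes.
session_set_cookie_params(0);

session_start();
$_SESSION['name'] = 'alice';

$id     = session_id();
$cookie = session_get_cookie_params();
$file   = session_save_path() . '/sess_' . $id;

session_write_close();   // flush the data to disk so the file can be read

header('Content-Type: text/plain');
echo 'cookie name     : ', session_name(), "\n";
echo 'cookie value    : ', $id, "\n";
echo 'cookie lifetime : ', $cookie['lifetime'], "\n";
// An empty domain means the browser returns the cookie only to this host.
echo 'cookie domain   : ', $cookie['domain'] === '' ? '(this host only)' : $cookie['domain'], "\n";
echo 'server file     : ', $file, "\n";

if (ini_get('session.save_handler') === 'files' && is_file($file)) {
    // The file stores only the serialized variables, keyed by the id in its name.
    echo 'file contents   : ', file_get_contents($file), "\n";
} else {
    echo "file contents   : (not using the files handler)\n";
}
```

Closing the browser only discards the cookie; the sess_<id> file stays on the server until PHP's session garbage collection removes it or the script calls session_destroy().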

  3. #3
    SitePoint Zealot devscripts's Avatar
    Join Date
    Sep 2004
    Location
    ur monitor
    Posts
    175
    Thank you markl999, you clarified a few things for me.
    "None of you [truly] believes until he wishes for his brother what he wishes for himself." By The one and Only Prophet Mohammed (Peace and blessings be upon him)

