  1. #1
    SitePoint Member
    Join Date
    Jul 2009
    Posts
    7

    Question SSL cookie+admin cookie

    I want to make my website secure by using session cookies (not stored on a user's PC). I also want to use SSL. I know how to set session cookies using PHP, but what type of cookie does SSL use: a session cookie or a persistent (stored on the user's PC) cookie?

    And I was told that if a hacker finds the administrator cookie they will be able to have admin privileges. If I use session cookies, will this eliminate the risk? Because session cookies are stored in the browser's memory, not the PC's hard drive.

    What is the most secure way to have an admin login control panel for my site? For example cpanel uses www.url.com/cpanel then you type in username and password, so I'm just wondering what the most secure way is?

  2. #2
    SitePoint Addict ArunB
    Join Date
    Jun 2008
    Location
    Hyderabad
    Posts
    252
    I think a session cookie will also be stored (in temporary memory) on the client PC. So this cookie will be erased when the browser is closed.

    Regarding session hijacking, try using the Suhosin extension. This extension will help you encrypt both session and cookie data. It will encrypt the session data with the remote IP address. So even if somebody on a different system is able to grab the cookie, they cannot use it.

    I think this cookie concept doesn't depend on SSL.

  3. #3
    SitePoint Member
    Join Date
    Sep 2009
    Posts
    10
    Use SSL (Secure Sockets Layer) cookies when you want to encrypt sensitive information. If you go from an HTTPS (secured) connection, and then back to HTTP (non-secured), your cookies are readable and visible.
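
A PHP sketch of the setup discussed in this thread, added here as an example and not code from any of the posters: a session-lifetime cookie restricted to HTTPS, with the admin session tied to the client IP in application code (similar in spirit to the IP binding post #2 describes, not Suhosin itself). The function names `admin_login()` and `is_admin()`, the `$storedHash` parameter and the session keys are hypothetical; the array form of `session_set_cookie_params()` assumes PHP 7.3 or later.

```php
<?php
// Added example; admin_login(), is_admin() and the session keys are hypothetical names.

// Cookie settings must be applied before session_start().
session_set_cookie_params([
    'lifetime' => 0,        // 0 = session cookie: discarded when the browser closes
    'path'     => '/',
    'secure'   => true,     // browser sends the cookie over HTTPS only, never plain HTTP
    'httponly' => true,     // cookie is not readable from JavaScript
    'samesite' => 'Strict', // cookie is not sent on cross-site requests
]);
ini_set('session.use_strict_mode', '1');  // reject session IDs the server did not issue
ini_set('session.use_only_cookies', '1'); // never accept the session ID from the URL
session_start();

// $storedHash is assumed to come from password_hash() at account creation.
function admin_login(string $password, string $storedHash): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    // Issue a fresh session ID at the privilege change and delete the old one,
    // so an ID captured before login is worthless afterwards.
    session_regenerate_id(true);
    $_SESSION['admin'] = true;
    $_SESSION['ip']    = $_SERVER['REMOTE_ADDR'] ?? '';
    return true;
}

function is_admin(): bool
{
    if (empty($_SESSION['admin'])) {
        return false;
    }
    // IP binding: a cookie replayed from another address ends the session.
    // Caveat: users whose address changes mid-session (mobile networks,
    // rotating proxies) are logged out as well.
    if (!hash_equals($_SESSION['ip'] ?? '', $_SERVER['REMOTE_ADDR'] ?? '')) {
        $_SESSION = [];
        session_destroy();
        return false;
    }
    return true;
}
```

The `secure` flag is what keeps the cookie off the wire when a visitor moves from an HTTPS page back to an HTTP one, which is the exposure post #3 points out.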

