Wow! That was deep!Originally Posted by AnthonySterling
I need to chew on that code for a while...
Debbie
| SitePoint Sponsor |
Wow! That was deep!
I need to chew on that code for a while...
Debbie
Hi,
I have been messing around with php sessions and cookies in order to learn more about securing php applications. I haven't read all of the above thread so sorry if I'm repeating stuff but I thought this might be useful to someone. This is with the default settings for MAMP 2.0.1 and PHP 5.3.6 on a Mac OSX 10.6.8 (Snow Leopard).
Session data is stored here on MAMP:
/Applications/MAMP/tmp/php
You can open this in a text file and read the array quite easily. Or if you're logged in via SSH you could read it with VI editor. The name of the session files I have are:
sess_*HASHED SESSION ID GOES HERE*
The session id is then stored in the cookie in a browser dependent location. I have been using chrome and they cookies are stored in SQLite tables here:
/Users/put_your_username_here/Library/Application Support/Google/Chrome/Default
You're looking for a file named Cookies
I downloaded SQLite Database Browser from here: http://sqlitebrowser.sourceforge.net/ to open these files.
It basically opens the table as a speadsheet and you and view all the cookies there.
So there you go, that's how you can find your session cookie and its corresponding session data without using php.
I installed that app and tried opening the cookies.sqlite file but nothing shows up in the app?
Debbie
Is this relevant now?I installed that app and tried opening the cookies.sqlite file but nothing shows up in the app?
Debbie
@AnthonySterling: I'm a PHP developer, a consultant for oopnorth.com and the organiser of @phpne, a PHP User Group covering the North-East of England.
Why?
Did the topic change?!
Debbie
Not exactly changed but as Anthony already told that you are going more deeper than it is required. The code and three files Anthony provided are more than enough to try session (login, see private page and logout). Put three files in a separate folder and try browsing the site/page. If you run it as localhost (http://localhost/yourfolder/) then here are steps to see the cookie values in Firefox:Why?
Did the topic change?!
Debbie
1. Go to Options box Firefox->Options (Latest Firefox has a drop-down arrow at upper left corner).
2. Click on the Privacy tab.
3. Click on the link 'Remove individual cookies' link.
4. Type 'localhost' in Search box.
5. Now scroll down to see all the cookies stored for the domain 'localhost'.
6. Click on the CookieName that you want to see the value "content" below the list.
Hope that helps! Good luck!
I think that's for you to decide Debbie.Why?
Did the topic change?!
Debbie
How did you get on with the code I posted? Did you manage to understand what and why it is doing what it does?
In addition to Raju's excellent reply, you can omit the local hosting as it's still being hosted at the original location mentioned earlier.
@AnthonySterling: I'm a PHP developer, a consultant for oopnorth.com and the organiser of @phpne, a PHP User Group covering the North-East of England.
Posting Permissions
Reply With Quote
Bookmarks