  1. #1
    SitePoint Member
    Join Date
    May 2012
    Posts
    17

    Possible problem in my way of setting the SESSION?

    Hi guys,

    Let's say my login.php uses sessions to store the variables.

    I set my session this way:
    $userId is retrieved from the database.
    $_SESSION['user_id'] = $userId;
    For example, user id 1 logged in will look like this: $_SESSION['user_id'] = 1;

    Will this cause any security problems? (Let's not talk about the deep part; is it even secure enough against basic hacking?)
    Is there any relation to the session cookie or ID (which can be hijacked, based on what other websites say)?
    Can anyone please kindly explain it to me? A simple and easy one please, ty.

  2. #2
    wwb_99 (SitePoint Author)
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,631
    If you are not running over SSL, it is very easy to hijack a PHP session. So, yes, there are some dangers. If you create a digest hash of a few things then you can guard against that to some extent.

  3. #3
    SitePoint Member
    Join Date
    Jul 2012
    Location
    kolkata
    Posts
    6
    Use an md5 hash to encrypt the value and store it.

  4. #4
    SitePoint Member
    Join Date
    May 2012
    Posts
    17
    Thanks for the replies, guys! So you mean I should do $_SESSION['user_id'] = md5($userId);?
    Will sha1 be a better choice? Since md5 can be easily cracked.
    I thought session variables are stored somewhere on the server? Is there still a chance to hijack it?
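
Added example, not part of any post in this thread: a login flow in PHP for the setup the thread discusses. The value in $_SESSION stays on the server and the browser holds only the session ID cookie, so this sketch stores the plain user id and protects the cookie and the ID, with a digest of request headers as the partial guard mentioned in post #2. The function names, the choice of headers, PHP 7.3+ and an HTTPS deployment are assumptions.

```php
<?php
// Added example. start_secure_session(), client_fingerprint(), login_user()
// and current_user_id() are hypothetical helper names, not from the thread.

function start_secure_session(): void
{
    // The session ID cookie is the only thing the browser holds; restrict it.
    session_set_cookie_params([
        'lifetime' => 0,      // dies with the browser session
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // not attached to cross-site POSTs
    ]);
    ini_set('session.use_strict_mode', '1');  // refuse IDs the server never issued
    ini_set('session.use_only_cookies', '1'); // never accept the ID from the URL
    session_start();
}

function client_fingerprint(): string
{
    // A digest of request headers (assumed choice). It only raises the bar:
    // anyone who can read the cookie in transit can read these headers too.
    $parts = ($_SERVER['HTTP_USER_AGENT'] ?? '') . '|'
           . ($_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? '');
    return hash('sha256', $parts);
}

function login_user(int $userId): void
{
    session_regenerate_id(true);        // fresh ID at login, old one deleted
    $_SESSION['user_id'] = $userId;     // plain value, stored server-side
    $_SESSION['fingerprint'] = client_fingerprint();
}

function current_user_id(): ?int
{
    if (!isset($_SESSION['user_id'], $_SESSION['fingerprint'])) {
        return null;                    // not logged in
    }
    if (!hash_equals($_SESSION['fingerprint'], client_fingerprint())) {
        $_SESSION = [];                 // headers changed: drop the session
        session_destroy();
        return null;
    }
    return (int) $_SESSION['user_id'];
}
```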

