Re: Best practice, (secure), to save session data? [message #178414 is a reply to message #178402] Fri, 15 June 2012 20:44
Arno Welzel
Simon, 14.06.2012 10:35:

> We have a site where many users can login/logout, (giving them access to
> their personal information).
>
> The users have 2 choices, either we 'remember' the user after they close
> their browsers or not, (for up to 30 days).

Which means, everybody who copies the cookie has access to the personal
information.

> It was suggested that I base64_encode/base64_decode the data as a cookie
> but I am not sure about the security implications of doing that, (the
> way I see it, if they can get the session cookie then they can just as
> well access the base64_encoded data anyway).

Yep.

> We have an https site, but we also allow login/access via http.
>
> Any tutorial/reading material/suggestions on how I can store logged-in
> users' credentials?

You can't. Either you ask the user to enter the password/key *always* or
the application becomes less secure, since the only security is that the
cookie is not copied by an attacker. There is no "comfortable" way.
--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de
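As an added illustration (not code from Simon's or Arno's posts), this is the usual alternative to base64-encoding user data into the cookie: the cookie carries only an opaque random token, the server stores its hash with the 30-day expiry from the question, and the Secure flag keeps it off the plain-http variant of the site. It does not change Arno's point, since whoever copies the cookie is still logged in; it only keeps personal data out of the cookie and lets the server revoke the token. It assumes PHP 7.3+ (for the options array of setcookie), an existing PDO connection in `$pdo`, and a hypothetical table `remember_tokens(selector, token_hash, user_id, expires_at)`.

```php
<?php
// Added example, not from the thread. Assumes a PDO connection in $pdo and a
// hypothetical table remember_tokens(selector, token_hash, user_id, expires_at).
const REMEMBER_COOKIE = 'remember';
const REMEMBER_TTL    = 30 * 24 * 3600; // the 30 days mentioned in the question

// Issue a remember-me cookie. It carries only random bytes, so reading it
// reveals nothing, unlike a base64-encoded copy of the user's data.
function issueRememberToken(PDO $pdo, int $userId): void
{
    $selector  = bin2hex(random_bytes(12)); // public lookup key (24 hex chars)
    $validator = random_bytes(32);          // secret half, never stored in clear
    $expiresAt = time() + REMEMBER_TTL;

    // Only the hash is stored: a leaked table does not yield usable cookies.
    $stmt = $pdo->prepare('INSERT INTO remember_tokens (selector, token_hash, user_id, expires_at)
                           VALUES (?, ?, ?, ?)');
    $stmt->execute([$selector, hash('sha256', $validator), $userId, $expiresAt]);

    setcookie(REMEMBER_COOKIE, $selector . ':' . bin2hex($validator), [
        'expires'  => $expiresAt,
        'path'     => '/',
        'secure'   => true,   // never sent over the http:// version of the site
        'httponly' => true,   // not readable by page scripts
        'samesite' => 'Lax',
    ]);
}

// Returns the user id for a valid cookie, or null. A copied cookie still
// authenticates (Arno's point); the gain is that deleting the row revokes it.
function userFromRememberCookie(PDO $pdo, string $cookie): ?int
{
    if (!preg_match('/^([0-9a-f]{24}):([0-9a-f]{64})$/', $cookie, $m)) {
        return null; // malformed cookie, do not touch the database
    }
    $stmt = $pdo->prepare('SELECT token_hash, user_id FROM remember_tokens
                           WHERE selector = ? AND expires_at > ?');
    $stmt->execute([$m[1], time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown selector, expired, or revoked
    }
    // Constant-time comparison of the stored hash against the presented validator.
    $ok = hash_equals($row['token_hash'], hash('sha256', hex2bin($m[2])));
    return $ok ? (int) $row['user_id'] : null;
}
```

Rotating the token on each successful use (issue a new row, delete the old one) also limits how long a copied cookie stays useful, which is still the only real weakness Arno describes.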