Re: Sessions — PHP Programming Language — IT news, forums, messages

You are here: Re: Sessions « PHP Programming Language « IT news, forums, messages

Posted by Czapi on 02/22/07 16:04

Erwin Moller wrote:
> I say it is a myth that passing PHPSESSID by URL is less secure than passing
> it by cookie.
> Anybody who can eavesdrop on the traffic between the client and server can
> see the PHPSESSID, in a cookie, or in the URL.
> The content of the cookie is just plain there for anybody to read: in plain
> text.

Simple explanation, try to perform session fixation by sending an URL
over an email client or IM with trans_sid turned off.

--
Cz.

Navigation:

Next in forum: Re: Is it possible to submit two forms at a time
Prev in forum: Re: Streaming Video - Secure
Thread view: Re: Sessions

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация