Re: Is PHP session safe? — PHP Programming Language

You are here: Re: Is PHP session safe? « PHP Programming Language « IT news, forums, messages

Posted by iktorn on 06/11/07 14:57

howa napisał(a):
> 1. For example, without SSL, If I capture my local LAN packet and
> scanned the SESSION ID, is it possible to hijack the session?
>

unfortunately yes

> 2. So any recommendation for web apps session handling without SSL?
>

- use very short session life time
- force user to login again before doing something important

--
Wiktor Walc
http://phpfreelancer.net

Navigation:

Next in forum: Re: Is PHP session safe?
Prev in forum: Re: preg_match and html question
Thread view: Re: Is PHP session safe?

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация