phatcode.net / forum / view message

View Message

agamemnus Fri Nov 9 2007 at 12:20 pm
security risk with session ids and current server setup

I was reading up on session ids and I found out that the default configuration allows sessions to be used with urls as opposed to cookies.

This is a social engineering risk if you are coding a multiplayer browser based game.

Question: As I understand it, I can just put php.ini and put in "session.use_only_cookies = 1" in my public_html/capitalopoly folder, or do I need to put it somewhere else?

security risk with session ids and current server setup - agamemnus (Fri Nov 9 2007 at 12:20 pm)

yes that should work - Plasma (Fri Nov 9 2007 at 6:45 pm)
- someone sending a link to do something - agamemnus (Fri Nov 9 2007 at 8:50 pm)
  - and how would that someone get your session id? * - Plasma (Fri Nov 9 2007 at 10:04 pm)
    - It's the same way with my site -- - subxero (Sat Nov 10 2007 at 1:35 am)
      - Actually using FB as CGI *is* kinda cool .. - Marcade (Sat Nov 10 2007 at 7:06 am)
        I'll agree, it's neat-o, but a bit overkill for simple web apps. - subxero (Sat Nov 10 2007 at 4:44 pm)
        that may be true BUT... - agamemnus (Sat Nov 10 2007 at 5:08 pm)
        .. I think you will find out eventually .. - Marcade (Sat Nov 10 2007 at 5:40 pm)
        =D * - agamemnus (Sun Nov 11 2007 at 11:28 am)

Reply to this Message

Name
Subject

Message



No HTML is allowed, except for <code> <b> <i> <u> in the message only. All URLs and email addresses will automatically be converted to hyperlinks.

Forum

View Message

Reply to this Message