eMoneySpace




cookies vs sessions
Author Topic: cookies vs sessions  (Read 3741 times)
Delusional

Dec 12, 2008 05:48 PM

a lot of noob coders say that using sessions is a lot more secure. well sorry to break it to you but the use of sessions doesn't make the site more secure, unless the sessions are accompanied by cookies.

the cookie creation in most scripts can be injected simply because the cookies are being made incorrectly. cookies need to have 5 variables to work right, most scripts like yob and gen2 only construct cookies with 3 of the 5 required variables.
Logged

legolasoft
Reply #1: Dec 13, 2008 01:25 PM

+1
Logged

mc2w
Reply #2: Dec 13, 2008 10:02 PM

This sounds interesting. Can we get some more info about keeping login sessions secure using cookies? I mean, you only say how many variables to use, but not much else.
Logged

Delusional

Reply #3: Dec 13, 2008 10:51 PM

Quote:
This sounds interesting. Can we get some more info about keeping login sessions secure using cookies? I mean, you only say how many variables to use, but not much else.

cookie creation in many scripts like yob, gen2, and aurora uses the following format
Code:
setcookie("user", "username", time()+3600);

this is wrong and is deprecated. the correct way would be this way
Code:
setcookie("user", "username", time()+3600,"/",".domain.com");

this is a secure cookie. also you would want in the header somewhere
Code:
// expiry in the past, so the browser deletes the cookie
setcookie("user", "username", time() - 3600, "/",".domain.com");

also make sure that any file that requires access with a cookie and/or session you have
Code:
session_start();
one line below
Code:
<?php
Logged
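
Added example, not code from any poster in this thread: the path and domain arguments in Reply #3 only decide where the browser sends the cookie, so this sketch adds a server-side check that detects a client-edited `user` value, plus the Secure, HttpOnly and SameSite attributes. `AUTH_KEY`, the helper names and the token layout are assumptions; the options array needs PHP 7.3 or later.

```php
<?php
// Added example. AUTH_KEY is a placeholder; load the real key from server config.
const AUTH_KEY = 'replace-with-32+-random-bytes-from-config';
const AUTH_TTL = 3600; // same one-hour lifetime as the thread's time()+3600

// Build "username|expiry|hmac" so the server can detect any client-side edit.
function make_login_token(string $username, int $now): string
{
    $payload = $username . '|' . ($now + AUTH_TTL);
    return $payload . '|' . hash_hmac('sha256', $payload, AUTH_KEY);
}

// Return the username if the token is authentic and unexpired, otherwise null.
function verify_login_token(string $token, int $now): ?string
{
    $parts = explode('|', $token);
    if (count($parts) !== 3) { // also rejects usernames containing '|'
        return null;
    }
    [$username, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $username . '|' . $expiry, AUTH_KEY);
    // hash_equals() compares in constant time, so the check leaks no timing hint.
    if (!hash_equals($expected, $mac) || !ctype_digit($expiry) || (int)$expiry < $now) {
        return null;
    }
    return $username;
}

// Send the signed token with the attributes that actually restrict the cookie.
function send_login_cookie(string $username): void
{
    setcookie('user', make_login_token($username, time()), [
        'expires'  => time() + AUTH_TTL,
        'path'     => '/',
        'domain'   => '.domain.com', // value from the thread; sets scope only
        'secure'   => true,          // sent over HTTPS only
        'httponly' => true,          // not readable from JavaScript
        'samesite' => 'Lax',         // withheld on cross-site POSTs and subrequests
    ]);
}

// Constructed demonstration; no headers are sent, so it also runs from the CLI.
$now   = 1229200000; // constructed timestamp
$token = make_login_token('alice', $now);
var_dump(verify_login_token($token, $now));                                // untouched token
var_dump(verify_login_token(str_replace('alice', 'admin', $token), $now)); // edited username
var_dump(verify_login_token($token, $now + AUTH_TTL + 1));                 // past expiry
```

Only the untouched token yields a username; the edited and expired ones are rejected.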

daveoffy
Reply #4: Dec 14, 2008 12:44 PM

<deleted>
« Last Edit: Dec 08, 2015 10:32 PM by daveoffy » Logged
Delusional

Reply #5: Dec 14, 2008 03:13 PM

Quote:
That is very useful. I am going to change all of my sessions soon into cookies. *bookmarks*

i wouldn't go that far. sessions are more secure than cookies are.
Logged

daveoffy
Reply #6: Dec 19, 2008 07:06 AM

<deleted>
« Last Edit: Dec 08, 2015 10:31 PM by daveoffy » Logged
Delusional

Reply #7: Dec 19, 2008 07:30 AM

Quote:
Well I'm not going to change ALL of them but I am going to add some cookies so members can stay logged in. My friend on a mac always has problems on my site with sessions, he always gets logged out every few mins.

then the time that was set on the sessions was not high enough, you might try to put in an if statement based on the user's user-agent or os.
Logged

Moderator1
Reply #8: Dec 20, 2008 09:02 AM


thnx 4 ths useful info...
Logged
Miguel
Reply #9: Dec 21, 2008 07:27 AM

looks like this guy above is just posting to make up posts so he can enter the weekly draw
Logged

Delusional

Reply #10: Dec 21, 2008 07:32 AM

yeah, should prolly report him, a lot of ppl have been doing that and getting the $10. i think only those with a high post count should get into the contest, those of us that are actually active.
Logged

Miguel
Reply #11: Dec 21, 2008 07:40 AM

Quote:
yeah, should prolly report him, a lot of ppl have been doing that and getting the $10. i think only those with a high post count should get into the contest, those of us that are actually active.

I agree with you.
Logged

Delusional

Reply #12: Dec 21, 2008 08:11 AM

ty, ok back on topic
Logged
