Closed Thread Icon

Preserved Topic: SECURE sessions w/ PHP Pages that link to <a href="https://ozoneasylum.com/backlink?for=21153" title="Pages that link to Preserved Topic: SECURE sessions w/ PHP" rel="nofollow" >Preserved Topic: SECURE sessions w/ PHP\

 
Author Thread
RypTide
Nervous Wreck (II) Inmate

From: Manassas VA, USA
Insane since: May 2002

posted posted 06-13-2002 17:26

Tips? Pointers?


I know a cookie can be a secure cookie, but I don't know much more than that.

RypTide

"Music is the vernacular of the human soul" ~ Geoffrey Latham

GRUMBLE
Paranoid (IV) Mad Scientist

From: Omicron Persei 8
Insane since: Oct 2000

posted posted 06-13-2002 17:37

never heard of secure sessions before.

would be interested myself in how this works.

bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted posted 06-13-2002 18:09

Secure sessions isn't so much a "thing" as techniques to prevent people from cracking your session data.

Usually this involves using the md5 function to encrypt the data stored in the cookie. and or storing the user data encrypted on the server accesed buy an encrypted session ID which is the only thing stored in the user's cookie.



.:[ The Tao of Steve ]:.
Be Desireless
Be Excellent
Be Gone
...................................

RypTide
Nervous Wreck (II) Inmate

From: Manassas VA, USA
Insane since: May 2002

posted posted 06-13-2002 18:39

Hrmm...

I hate to ask but do you have any examples?

I was most likely just going to put everything behind ssl, but i'd like to encrypt too..

unfortunately I know little to nothing about encryption




RypTide

"Music is the vernacular of the human soul" ~ Geoffrey Latham

bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted posted 06-13-2002 19:26

Here's a real simple example From the zend site. This is just an example of a way of encrypting cookie data. It doesn't actually check the username and password data against anything. Usually what you would do is have either a user table or a flat file with the user/pass info where you would check the incoming info.

Be sure where ever you store data to store the password using the md5 encryption as well.

You can see it's pretty basic. You may also want to check out the md5 function.



.:[ The Tao of Steve ]:.
Be Desireless
Be Excellent
Be Gone
...................................

Veneficuz
Paranoid (IV) Inmate

From: A graveyard of dreams
Insane since: Mar 2001

posted posted 06-14-2002 15:44

Not sure if this is what you are looking for, but it is about user authentication using sessions in php.

_________________________
Anyone who has lost track of time when using a computer knows the propensity to dream, the urge to make dreams come true and the tendency to miss lunch.
- copied from the wall of cell 408 -

« BackwardsOnwards »

Show Forum Drop Down Menu