3 replies
The session module cannot guarantee that the information we store in a session is only viewed by the user who created the session. We need to take additional measures to actively protect the integrity of the session. What are they?
#module #session
  • Profile picture of the author wordpressguru
    Originally Posted by iqtechways View Post

    The session module cannot guarantee that the information we store in a session is only viewed by the user who created the session. We need to take additional measures to actively protect the integrity of the session. What are they?
    You'll have to activate SSL. Then the session data will be encrypted and sent over SSL. This way, the session will be viewed only by the user who created that session.
    • Profile picture of the author softwarewarden
      Originally Posted by wordpressguru View Post

      You'll have to activate SSL. Then the session data will be encrypted and sent over SSL. This way, the session will be viewed only by the user who created that session.
      That's not really true. All session data but the session ID should be data stored server side, not client side. That would just encrypt data between the browser and the server; it would not really provide more security for sessions. Never print stuff that's in a session to a user, except like setting a session ID cookie.

      One option to protect session data is to encrypt the session data; you could use the user's IP address as the key. There are problems with this and advantages also. It won't matter as much if the session data is gotten, as the person would have to brute-force the unknown key.
  • Profile picture of the author shahriyar
    I have previously kept encrypted data (using my custom algorithm) in the session which I decoded (on server side) before using/reading it. So, even if anyone sees my session data they wouldn't understand a thing without my algo.
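
The arrangement softwarewarden describes in the thread above (session data kept server side, only a session ID in the cookie) combined with wordpressguru's SSL point, as an added example that is not code from any poster. The thread names no language, so Python is used for illustration; `SessionStore`, `session_cookie`, the `sid` cookie name, the 30-minute timeout, ID regeneration and the `HttpOnly`/`SameSite` attributes are assumptions that go beyond what the thread states.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800  # assumed idle timeout in seconds


class SessionStore:
    """Server-side store: the browser only ever holds the opaque session ID."""

    def __init__(self):
        self._data = {}  # sid -> (expires_at, session dict)

    def create(self, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._data[sid] = (now + SESSION_TTL, {})
        return sid

    def load(self, sid, now=None):
        """Return the session dict, or None for unknown or expired IDs."""
        now = time.time() if now is None else now
        entry = self._data.get(sid)
        if entry is None or entry[0] < now:
            self._data.pop(sid, None)  # drop expired entries
            return None
        return entry[1]

    def regenerate(self, old_sid, now=None):
        """Issue a fresh ID (e.g. at login) and invalidate the old one."""
        data = self.load(old_sid, now)
        if data is None:
            return None
        del self._data[old_sid]
        new_sid = self.create(now)
        self._data[new_sid][1].update(data)
        return new_sid


def session_cookie(sid):
    """Build the Set-Cookie value; it carries the ID and no session data."""
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["path"] = "/"
    cookie["sid"]["secure"] = True      # only sent over SSL/TLS
    cookie["sid"]["httponly"] = True    # not readable from page scripts
    cookie["sid"]["samesite"] = "Strict"
    return cookie["sid"].OutputString()
```
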
