Hi
Well, I'm just making sure before I employ a CMS on my site...
I have a user log in that administrators can log into and the website would recognise they are admins.
All my content is loaded on an index.php page and I was thinking: if I set a session to say an admin is logged in, and then made the admin able to edit the page via the index.php file, would this be safe, or is there a way for a user to manipulate sessions so users could randomly edit my site?
Thanks
How safe are sessions?
#2
Posted 08 March 2010 - 10:05 PM
hehe
They are quite safe as some pretty big CMSs and apps use sessions for user management. I'd probs also protect the admin directory with a .htaccess file to give an extra level of protection.
But to put your mind at rest, you should have a read on the topic of session hijacking.
#3
Posted 09 March 2010 - 09:26 AM
If you can, use a session handler to pop the session in a database table instead. Also, rename the session default (so it's not PHPSESSID).