Guest Deleted Posted June 3, 2013
Can anybody list some examples? I'm trying to show my friend the differences between sessions and cookies in PHP and I've been having a hard time coming up with something cookie related that she could do.

abigail Posted June 3, 2013
I use a cookie when I have a mobile version of my site, so they can click the 'mobile' link if my code didn't pick it automatically. I save it in a cookie so when they move page-to-page the code already knows if mobile or fullsite. I use a session only for secure pages that access the database.

Larry Posted June 3, 2013
To start, use sessions for anything that must be kept secure (such as unique database identifiers such as primary key columns) and use cookies for anything that must be retained for a long period. From there, cookies are good for usernames, session IDs, and user preferences.

Guest Deleted Posted June 3, 2013
Speaking of session IDs, they should be encrypted, right? Are there any other security measures you recommend?

Larry Posted June 3, 2013
No, session IDs are not encrypted. "Any other security measures..." is too big of a question. It really depends upon the application. Always implement a level of security appropriate to the application. A forum has some minimal security concerns; an e-commerce application has much more serious issues.

Guest Deleted Posted June 3, 2013
She wants to make a PBBG. She'll be using htmlspecialchars() when any user-submitted data is displayed, but my worry is that she'll forget to use it somewhere and somebody will be able to put in a JavaScript that sniffs cookies. I was hoping to help her develop an extra form of protection. If users could get people's session IDs, then my presumption is that they could log in as them and wreak havoc on their account. A lot of PBBG players take their chosen game very seriously and put years of effort into their account and status in the game. These people would be devastated if a hacker came in and stole all their stuff or got it banned or something. So yeah, I was just wonderin' how I could help her out.

HartleySan Posted June 3, 2013
In the grand scheme of things, PBBG data getting hacked isn't nearly as bad as, say, credit card numbers being stolen. All the same, to help avoid human error, writing a function that always uses htmlspecialchars, and then executing that function for validation purposes might be best.
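
Added example (not code posted by anyone in this thread): one way to combine the escaping wrapper suggested above with a session cookie that page scripts cannot read, so a forgotten htmlspecialchars() call does not by itself expose the session ID. The names e(), start_hardened_session() and login_user() are hypothetical, and the sketch assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
declare(strict_types=1);

// Escape a value for HTML text or a quoted attribute.
// e() is a hypothetical helper; templates print every user-supplied value through it.
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Start a session whose cookie is not visible to JavaScript on the page.
function start_hardened_session(): void
{
    ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,        // cookie ends when the browser closes
        'path'     => '/',
        'secure'   => true,     // sent over HTTPS only (assumes TLS is in place)
        'httponly' => true,     // not readable through document.cookie
        'samesite' => 'Lax',    // not sent on cross-site sub-requests
    ]);
    session_start();
}

// Call after the password check succeeds: issue a fresh ID and drop the old one,
// so an ID seen before login is useless afterwards.
function login_user(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

// Sessions need a web request; skip them when the file is run from the command line.
if (PHP_SAPI !== 'cli') {
    start_hardened_session();
}

// Constructed sample input: a display name that contains markup.
$playerName = '<script>alert(1)</script>';
echo '<p>Welcome, ' . e($playerName) . "</p>\n";
```

The HttpOnly flag limits what an injected script can read; it does not stop the script from acting inside the victim's page, so the escaping helper is still needed on every output.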