1
tedsmith
Why is the 'session.use_trans_sid' directive dangerous?
  • 2008/6/24 8:18



Can anyone tell me why 'session.use_trans_sid' is dangerous or give me a URL that explains it well?

Thanks

Ted

2
wizanda
Re: Why is the 'session.use_trans_sid' directive dangerous?
  • 2008/6/24 8:54



Quote:
Most people tend to forget that the PHPSESSID is dangerous to use straight
in the queries, because it comes from a cookie (or URL), and thus from the
client, and thus cannot be trusted (SQL-injection).

It also looks awful, having every link with their session posted into the url...
.htaccess
php_flag session.use_trans_sid off
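
The quoted point above, that the session ID arrives from the client and must not go straight into a query, as an added PHP example (not part of the original thread and not XOOPS code). The table `user_sessions`, its columns and the helper function names are hypothetical, and the sample rows and cookie values are constructed.

```php
<?php
// Added example: treat the session ID as untrusted client input.
// Table and column names (user_sessions, sess_id, uname) are hypothetical.

// Runtime equivalent of the .htaccess line above, plus two related settings.
ini_set('session.use_trans_sid', '0');    // never rewrite links with the ID
ini_set('session.use_only_cookies', '1'); // ignore IDs passed in the URL
ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue

// Accept only the characters PHP itself uses for session IDs.
// The 22-256 length bound is an assumption taken from session.sid_length.
function is_wellformed_sid(string $sid): bool
{
    return preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $sid) === 1;
}

// Look up the session owner with a bound parameter, never by concatenation.
function find_session_user(PDO $db, string $sid): ?string
{
    if (!is_wellformed_sid($sid)) {
        return null; // malformed ID: do not query at all
    }
    $stmt = $db->prepare('SELECT uname FROM user_sessions WHERE sess_id = ?');
    $stmt->execute([$sid]);
    $uname = $stmt->fetchColumn();
    return $uname === false ? null : (string) $uname;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_sessions (sess_id TEXT PRIMARY KEY, uname TEXT)');
$db->exec("INSERT INTO user_sessions VALUES ('3f2a9c1b7d4e6f8091a2b3c4d5e6f708', 'ted')");

// A well-formed ID, then a constructed cookie value carrying SQL syntax.
var_dump(find_session_user($db, '3f2a9c1b7d4e6f8091a2b3c4d5e6f708'));
var_dump(find_session_user($db, "x' OR '1'='1"));
```

The second lookup is rejected by the format check before any SQL runs, and the bound parameter keeps the value out of the statement text even if the check were loosened.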

3
tedsmith
Re: Why is the 'session.use_trans_sid' directive dangerous?
  • 2008/6/24 15:06



I need some more detail really. Any URLs to point to that anyone knows of?
