[ciapug] Securing session variables
Dave J. Hala Jr.
ciapug@cialug.org
18 Nov 2003 08:35:13 -0600
I don't encode them, but I do try to use them sparingly. I also think it
is important to call them using $_SESSION[], rather than as a global.
On Tue, 2003-11-18 at 08:18, Chris Hettinger wrote:
> What are your suggestions in regards to securing session variables in web site applications?
>
> I am currently working on a project in which I am using session variable to store some key identifiers so the next page(s) can use them. I am wondering if I could do anything to secure these variables between page transitions.
>
> Could I encode them in some way on page X, before redirecting to page Y. Then having something decode it on page Y so it can be used ??
>
> -Chris Hettinger, Web Specialist
> -IFMC/ENCOMPASS
> -www.encompas.com
> -(515) 279-8730
>
>
>
> CONFIDENTIALITY NOTICE: This communication, including any attachment, may contain confidential information and is intended only for the individual or entity to whom it is addressed. Any review, dissemination, or copying of this communication by anyone other than the intended recipient is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email, delete and destroy all copies of the original message.'
>
> _______________________________________________
> ciapug mailing list
> ciapug@cialug.org
> http://cialug.org/mailman/listinfo/ciapug
--
"...Unix, MS-DOS and Windows NT (also known as the Good, the Bad, and the Ugly)"
OSIS
Dave J. Hala Jr.
641.485.1606