[ciapug] Securing session variables

Jerry Weida ciapug@cialug.org
Tue, 18 Nov 2003 09:09:28 -0600


 I don't generally worry too much about encoding session variables, as 
they are stored server-side.  Using the SESSION array seems to be the 
best way to use them for interoperability as well.  It was the only way 
I could find to get it to work with Apache on Windows.

Chris Hettinger wrote:

>Thx, and I am using $_SESSION[] rather than globals as well.
>
>
>
>-----Original Message-----
>From: ciapug-admin@cialug.org [mailto:ciapug-admin@cialug.org]On Behalf
>Of Dave J. Hala Jr.
>Sent: Tuesday, November 18, 2003 8:35 AM
>To: PHP List
>Subject: Re: [ciapug] Securing session variables
>
>
>I don't encode them, but I do try to use them sparingly. I also think it
>is important to call them using $_SESSION[], rather than as a global.
>
>
>
>On Tue, 2003-11-18 at 08:18, Chris Hettinger wrote:
>  
>
>>What are your suggestions in regards to securing session variables in web site applications?
>>
>>I am currently working on a project in which I am using session variables to store some key identifiers so the next page(s) can use them. I am wondering if I could do anything to secure these variables between page transitions.
>>
>>Could I encode them in some way on page X, before redirecting to page Y, then have something decode them on page Y so they can be used?
>>
>>-Chris Hettinger, Web Specialist
>>-IFMC/ENCOMPASS
>>-www.encompas.com
>>-(515) 279-8730
>>
>>
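
As an added example (not code from any poster in this thread), the script below passes an identifier from page X to page Y through $_SESSION, so that only the session ID cookie ever reaches the browser. The ?page= switch, the function names and the record_id key are hypothetical, and it assumes PHP 7.3 or later.

```php
<?php
// Added example, not code from the thread. The ?page= switch, the function
// names and the 'record_id' key are hypothetical.
declare(strict_types=1);

// The browser only ever holds the session ID cookie; harden that cookie,
// since the data behind it never leaves the server.
session_start([
    'use_strict_mode' => true,   // reject session IDs the server did not issue
    'cookie_httponly' => true,   // keep the ID away from page scripts
    'cookie_samesite' => 'Lax',  // requires PHP 7.3+
]);

function store_identifier(int $recordId): void
{
    // New ID when the stored state changes, so an ID fixed earlier is useless.
    session_regenerate_id(true);
    $_SESSION['record_id'] = $recordId;
}

function load_identifier(): ?int
{
    // Read from $_SESSION only. A bare $record_id global could, under the old
    // register_globals setting, be set from request input instead.
    $value = $_SESSION['record_id'] ?? null;
    return is_int($value) ? $value : null;
}

if (($_GET['page'] ?? 'x') === 'x') {
    // Page X: in a real application this value comes from a lookup the
    // server has already authorised; 42 is a constructed sample.
    store_identifier(42);
    header('Location: ?page=y');
    exit;
}

// Page Y: request parameters named record_id are ignored on purpose.
$recordId = load_identifier();
if ($recordId === null) {
    http_response_code(400);
    exit('No record selected.');
}
echo 'Working with record ', $recordId, "\n";
```

Requesting page Y with a record_id query parameter and no prior visit to page X returns the 400 response, because the value is never taken from the request.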