I am making a feasibility study on the security of pages (for login scripts etc.) using session or cookies.
I want to know which one is secure and why:
1> storing the values in session and checking it in the secured pages
2> storing the session ID in cookies by encrypting it (maybe double encryption) and checking by decrypting it in the secured pages
3> storing the session in a database and checking in secured pages
Can anybody tell me more about the three topics, which one to use and why?
I will be very grateful if my problem gets solved.
Anyway, thanks in advance.
questions about page security with session or else???
Before anyone can reasonably answer your questions, I think you might want to do a bit more research, so that you understand how sessions work.
1. The phrase "sessions or cookies" doesn't make sense, because these are not mutually exclusive. What do you mean by this?
2. All three items in your list cover different topics, so they're not easily compared. In the first, you're describing a pretty generic solution - store "values" in a session and check "it" on secure pages. The second item describes another topic, the session identifier. The third item describes yet another topic, the location of the session data store.
I'm not sure if this will help, but I wrote an article that first tries to describe how sessions work before explaining some of the security concerns:
http://shiflett.org/articles/the-truth-about-sessions
Hope that helps.
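The reply's second point, as an added example that is not part of the original thread: the three list items are layers of one mechanism rather than alternatives. This Python sketch assumes an in-memory SQLite table as the session data store and uses hypothetical helper names (`create_session`, `require_login`, `destroy_session`); the cookie carries only a random identifier, the values stay on the server, and the secured page checks them there.

```python
import secrets
import sqlite3
import time

SESSION_TTL = 1800  # seconds; assumed lifetime for this example

# Item 3: where the session data lives (here an in-memory SQLite database).
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE sessions (sid TEXT PRIMARY KEY, user TEXT, expires REAL)")


def create_session(user, now=None):
    """Called after a successful login; returns the value for the session cookie."""
    now = time.time() if now is None else now
    # Item 2: the session identifier. It is random and carries no user data,
    # so its only security property is that it cannot be guessed.
    sid = secrets.token_urlsafe(32)
    db.execute("INSERT INTO sessions VALUES (?, ?, ?)", (sid, user, now + SESSION_TTL))
    return sid


def require_login(cookie_sid, now=None):
    """Item 1: the check on a secured page. Returns the user name or None."""
    now = time.time() if now is None else now
    if not cookie_sid:
        return None  # no cookie sent
    row = db.execute(
        "SELECT user, expires FROM sessions WHERE sid = ?", (cookie_sid,)
    ).fetchone()
    if row is None:
        return None  # unknown or forged identifier
    user, expires = row
    if expires < now:
        destroy_session(cookie_sid)
        return None  # expired session
    return user


def destroy_session(cookie_sid):
    """Logout or expiry: drop the server-side record so the cookie value is useless."""
    db.execute("DELETE FROM sessions WHERE sid = ?", (cookie_sid,))


if __name__ == "__main__":
    sid = create_session("alice", now=1000.0)  # constructed sample user
    print(require_login(sid, now=1001.0))
    print(require_login("guessed-value", now=1001.0))
```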