LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
Reload this Page Php and "Cookie Poisoning"
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 04-12-2011, 10:57 AM   #1
action_owl
Member
 
Registered: Jan 2009
Location: 127.0.0.1
Distribution: Fedora, CentOS, NetBSD
Posts: 115

Rep: Reputation: 17
Php and "Cookie Poisoning"

If all that is kept in a cookie is a php session identifier then is "Cookie Poisoning" of any concern? All of the cookie poisoning examples I have seen are exploited when someone puts something sensitive in a cookie.

There is still a Session Hijacking threat with the Session ID, but that can be met by checking if the user-agent and/or IP has changed between requests.
 
Old 04-12-2011, 11:07 AM   #2
Snark1994
Senior Member
 
Registered: Sep 2010
Distribution: Debian
Posts: 1,632
Blog Entries: 3

Rep: Reputation: 346Reputation: 346Reputation: 346Reputation: 346
This might be better off in the 'Security' forum... But as far as I am aware all attacks would have to go through session hijacking (or impersonation, if you've got a crap method for session identification)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
What Is A "Bundled Cookie"? cwizardone Slackware 9 09-11-2009 12:39 PM
HTTP cookie "CAD" ? phsythax Programming 1 12-18-2007 12:03 PM
"Cookie HELL", LOL! BuckNekkid General 9 11-25-2007 09:14 PM
Rewriting "Set-cookie:" http header field J_Szucs Linux - Networking 3 08-06-2007 04:10 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 04:37 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration