Sanitizing and validating sessions and cookies


From a security point of view I am sanitizing and validating input.

On user registration I create a session using the posted username, which is sanitized and validated first.

On a further visit, when the user logs in, the username is validated against the database, and again a session is created and used throughout the pages.

I only ever set the session user in the code and end the session (as per the information I have seen and read). To end the session:

    // remove the logged-in user and clear every session variable
    unset($_SESSION['username']);
    $_SESSION = array();

    // invalidate session cookie (this expires a cookie named 'username')
    if (isset($_COOKIE['username'])) {
        setcookie('username', '', time() - 86400, '/');
    }

    session_destroy();

Now, I never set a cookie or use one, but from what I have seen this code should be used to end a session, so I presume there is a valid reason and a session must use a cookie. I am wondering whether $_COOKIE['username'] should be sanitized each time the user goes to a different page in the administration pages; I have seen that the filter_input functions have an option to filter cookie input. I apologise for not understanding what cookies are used for in this situation, as I set the session on login and end it on logout.

Would I need to do something like:

    // sanitize the 'username' cookie before using it
    if (filter_has_var(INPUT_COOKIE, "username")) {
        $cleancookie = filter_input(INPUT_COOKIE, 'username', FILTER_SANITIZE_STRING);
        $_COOKIE['username'] = trim($cleancookie);
    }

Perhaps if I knew why I am having to reset session cookies when I end the session; if you could kindly explain.

 

Further to sanitizing session cookies: for the value stored in $_SESSION['username'], as the user moves between admin pages should the value be sanitized, and if so please advise me of the best method for this. Should I perhaps validate against expected values of letters and numbers?

 

Thank you in advance for the help, information and answers to help me understand and resolve the above security issues.

tessimon wrote:

 

Perhaps if I knew why I am having to reset session cookies when I end the session; if you could kindly explain.

PHP sessions rely on cookies being enabled, but don't use cookies to store values such as the username. Instead, create session variables.

 

The difference is that values in a cookie are stored on the user's computer. Values in session variables are stored on the server. The only value that's stored on the user's computer is the session ID (which is stored in a cookie).

 

When closing a session, using unset() on the session variables followed by session_destroy() should be sufficient. If you have a large number of session variables, the following line of code has the effect of destroying them all:

 

    $_SESSION = array();

 

Running session_destroy() removes the session ID from the user's computer.
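As an added example that is not from either post in this thread: a PHP login/logout pair that keeps the username only in $_SESSION (the answer's point), checks it against an allowlist of letters, digits and underscore (the validation the question asks about), and on logout expires the session ID cookie named by session_name() following the pattern in the PHP manual, rather than a separate 'username' cookie. The function names and the 3 to 32 character limit are this example's own choices, and preg_match is used instead of FILTER_SANITIZE_STRING, which is deprecated since PHP 8.1.

```php
<?php
// Added example, not code from the thread; names and the 3-32 limit are its own choices.
// Start the session once per request; session_start() warns if called twice.
function ensure_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Allowlist: letters, digits and underscore only. Returns null on anything else.
function validate_username(string $raw): ?string
{
    $name = trim($raw);
    return preg_match('/^[A-Za-z0-9_]{3,32}$/', $name) === 1 ? $name : null;
}

// Call only after the password has been verified against the database.
function start_login_session(string $username): bool
{
    $clean = validate_username($username);
    if ($clean === null) {
        return false;
    }
    ensure_session();
    session_regenerate_id(true);    // fresh ID so a pre-login ID is not reused
    $_SESSION['username'] = $clean; // kept on the server; only the ID reaches the browser
    return true;
}

// Admin pages: read the server-side value and re-check the allowlist before using it.
function current_admin_user(): ?string
{
    ensure_session();
    return isset($_SESSION['username']) ? validate_username($_SESSION['username']) : null;
}

// Logout as in the PHP manual: clear the data, expire the session ID cookie
// (its name comes from session_name(), not 'username'), then destroy.
function end_login_session(): void
{
    ensure_session();
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}
```

Because the username never leaves the server, there is no 'username' cookie to sanitize on each admin page; current_admin_user() re-validates the stored value only as defence in depth before it is echoed or used in a query.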
More discussions in Develop server-side applications in Dreamweaver