Welcome to Our Community

Wanting to join the rest of our members? Feel free to sign up today.

Sign Up

PHP session security questions

Discussion in 'Web Hosting Discussion' started by Allen Fan, Jan 8, 2016.

Share This Page

  1. Allen Fan New Member

    Joined:
    Jun 9, 2015
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    Hi,So i was looking into how to make my site more secure (specifically PHP sessions) because at the moment i'm running user id and some other data through the session (avatar...etc) and from what i could figure out on the interwebs is that PHP sessions are not visible to users but the PHPSESSID is.My question is, how can a hacker hijack my PHP session, what is the process they need to go through to obtain that session data? i have tried to use wireshark to test my site and i couldn't see any session data but only cookies (something that's scary is seeing my password when POSTing to the log-in page, Thanks for your advice!
     
    #1