Viewing Thread:
"PHPSESSID in source; Security Risk...?"

The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.

Wed 21/09/05 at 18:04
Regular
"Peace Respect Punk"
Posts: 8,069
A little while back I worked on my first logon page for a website, and all seemed to go well. However, checking the source today, when you fire up the logon page initially, after the tag, PHP adds a hidden form element, which is the PHPSESSID. Although it looks encoded, I don't know if this poses any security risk?

It only appears on the first loading of the page, if I enter incorrect login details and the page reloads telling me the login failed, the extra element is no longer there...

Tried google, but just got a bunch of people moaning that it screwed up their valid xHTML... So evidently I'm not the only one it's happening to, but I was wondering if it actually posed any security risk?

Chars
Sibs
Wed 21/09/05 at 19:16
Regular
"NULL"
Posts: 1,384
monkey_man wrote:
> Do you need globals on for that?

For session_id() ? No, don't think so.
Wed 21/09/05 at 19:13
Regular
"Pouch Ape"
Posts: 14,499
Do you need globals on for that?
Wed 21/09/05 at 19:09
Regular
"NULL"
Posts: 1,384
Why are you trying to post the PHPSESSID? You shouldn't need to because you can call it direct from PHP using:


<?php
// Start (or resume) the session, then read its ID on the server side.
session_start();

$session_id = session_id();

?>
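
An added example, not part of the original thread or any poster's code: the hidden PHPSESSID field described in the question is what PHP's transparent session ID support (`session.use_trans_sid`) writes into forms while the browser has not yet returned a session cookie, and the code below keeps the ID in a cookie only and reissues it at login. The function names and the HTTPS setting are assumptions, and the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example. Function names are hypothetical; call before any output is sent.

function start_cookie_only_session(): void
{
    // Stop PHP rewriting forms and links to carry PHPSESSID when the
    // browser has not yet sent a session cookie.
    ini_set('session.use_trans_sid', '0');
    // Carry the session ID in a cookie, and accept it from a cookie only,
    // never from GET or POST data.
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1');
    // Refuse session IDs that this server did not issue (PHP 5.5.2+).
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,      // session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

function complete_login(string $username): void
{
    // Issue a fresh ID once the credentials have been checked, so an ID that
    // appeared in a form or URL before authentication stops being valid.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
}

start_cookie_only_session();
$session_id = session_id(); // read on the server, as in the reply above
```

With `session.use_trans_sid` off, a browser that refuses cookies gets a new session on every request instead of an ID embedded in the page.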