Tag Archives: Cookie

Sessions

A way of preserving data across a series of website accesses by the user. Session support is enabled by default. Configuration options are set in php.ini. SID (string) is a predefined constant within this extension.

The user is assigned a unique identifier, the “session ID”. The session ID is stored in a cookie on the client or in the URL.

When the user accesses the site, the session ID check is triggered automatically (session.auto_start = 1) or upon request … using session_start().

$_SESSION is available as a global variable.

Enable session.use_only_cookies to enforce cookie usage (and prevent session IDs in the URL), and enable session.cookie_httponly to prevent JavaScript cookie access (and help prevent session hijacking via XSS).

Cookie Hijacking

Cookie hijacking, sometimes also known as session hijacking, is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s computer.

Session Hijacking

The following help protect against session hijacking and fixation attacks.

  • Use SSL and set the $secure cookie parameter to true.
  • Set the session.use_only_cookies php.ini parameter to 1.
  • Protect against XSS vulnerabilities in the application.
  • Rotate the session ID on successful login and logout using session_regenerate_id().
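
The session settings from the Sessions entry and the measures listed above, combined in one bootstrap file. This is an added example, not code from the original posts; it assumes PHP 7.3 or later, and check_credentials() with its sample account is a constructed placeholder for the application's own credential check.

```php
<?php
// Added example: hardened session bootstrap plus session ID rotation.

// These settings must be applied before session_start().
ini_set('session.use_only_cookies', '1'); // never accept a session ID from the URL
ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue (fixation)
session_set_cookie_params([
    'lifetime' => 0,      // session cookie: discarded when the browser closes
    'path'     => '/',
    'secure'   => true,   // the $secure parameter: sent over HTTPS only
    'httponly' => true,   // session.cookie_httponly: not readable from JavaScript
    'samesite' => 'Lax',  // not sent on cross-site subrequests
]);
session_start();

function check_credentials(string $user, string $pass): bool
{
    // Constructed sample account; a real application reads the hash from its user store.
    static $users = null;
    if ($users === null) {
        $users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    }
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

function login(string $user, string $pass): bool
{
    if (!check_credentials($user, $pass)) {
        return false;
    }
    // Issue a new ID for the authenticated session. Passing true deletes the
    // old session data, so an ID planted or captured before login is useless.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    return true;
}

function logout(): void
{
    $_SESSION = [];              // drop all authenticated state
    session_regenerate_id(true); // the old ID no longer maps to any session
}
```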
cookie

Cookies can be used to store user information for future use. Cookies allow us to store data on the user's machine itself. A cookie is a small file that the server generates on the user's machine, and using that file the server can identify the user. Whenever the browser sends an HTTP request to the server, it sends the cookies as well. Cookies can be created using PHP functions.

Cookies can be created using the function ‘setcookie(name, value, exp, path, domain)’; its arguments are given below.

name: the name of the cookie that stores the value; it is used to retrieve the stored data

value: the value to be stored in the cookie (generally we store login details like username, password)

exp: the time that the cookie lasts. If it is not set, the cookie will be destroyed when the browser is closed.

path: the path where the cookie is to be stored

domain: the domain where the cookie is to be generated

The following can be used to send a cookie from within a PHP application.

  • header()
  • setcookie()
  • setrawcookie()

Example
======

<?php
 // Set a cookie named user_name that expires in one hour
 setcookie("user_name", "phpcodez", time()+3600);
 ?>

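You can retrieve the cookie values as follows.

<?php
 // The cookie may be absent, and its value is client-controlled: escape it before output
 echo htmlspecialchars($_COOKIE["user_name"] ?? "", ENT_QUOTES, "UTF-8");
 ?>

You can delete the cookie by setting the expiration date in the past.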

Example:

<?php
 // An expiry time in the past tells the browser to discard the cookie
 setcookie("user", "", time()-3600);
 ?>
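
The three sending functions listed above, used with the setcookie() arguments spelled out and the hijacking-related flags set. This is an added example, not code from the original post; it assumes PHP 7.3 or later for the options-array form, and the cookie names and token value are constructed for illustration.

```php
<?php
// Added example: setcookie(), setrawcookie() and header() side by side.

// Store an opaque random token rather than a username or password: anything
// in a cookie can be read and edited by whoever controls the browser.
$token = bin2hex(random_bytes(32));

$opts = [
    'expires'  => time() + 3600, // exp: omit or use 0 for a browser-session cookie
    'path'     => '/',           // path: URL prefix for which the cookie is sent back
    'domain'   => '',            // domain: empty means only the host that set it
    'secure'   => true,          // sent over HTTPS only
    'httponly' => true,          // hidden from document.cookie
    'samesite' => 'Lax',
];

// setcookie() URL-encodes the value. setrawcookie() sends it unchanged, so the
// value must already be free of characters such as ; , and whitespace.
setcookie('remember', $token, $opts);
setrawcookie('theme', rawurlencode('dark blue'), $opts);

// header() writes the line by hand; false appends instead of replacing an
// earlier Set-Cookie header.
header('Set-Cookie: lang=en; Path=/; Secure; HttpOnly; SameSite=Lax', false);

// Deleting: expiry in the past, with the same path and domain as when set.
setcookie('remember', '', ['expires' => time() - 3600] + $opts);
```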
 

Persistent Cookie

Also called a permanent cookie or a stored cookie: a cookie that is stored on a user's hard drive until it expires (persistent cookies are set with expiration dates) or until the user deletes the cookie.

Persistent cookies help websites remember your information and settings when you visit them in the future. This results in faster and more convenient access since, for example, you don’t have to log in again.

Besides authentication, other website features made possible by persistent cookies include: language selection, theme selection, menu preferences, internal site bookmarks or favorites, among many others. On your first visit, the website is presented in default mode. During your visit, you select your preferences and these preferences are remembered, through the use of the persistent cookie, the next time you visit the site.
