RE: [PHP-DB] How to send a SID in a security way - SOLVED!!!
Just wanted to clarify. The devil is always in the details.

dave

--- Bart Baaten [EMAIL PROTECTED] wrote on 10/22/2004 03:35 PM

I think he meant one was named System1 and the other System2.
RE: [PHP-DB] How to send a SID in a security way
The session ID will always remain inside the session as long as you're in the session.

http://www.php.net/manual/en/function.session-id.php

You don't have to 'send' it, it's already there.

Hope this helps...

-Original Message-
From: Matt M. [mailto:[EMAIL PROTECTED]
Sent: Friday 22 October 2004 18:35
To: Andre Matos
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] How to send a SID in a security way

> How can I send a SID (SessionID) in a secure way from one page to another? Is it secure to do this?

not sure what exactly you want. You could just use cookies, don't allow it to be in form fields or query strings. you could use ssl.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] How to send a SID in a security way
On Saturday 23 October 2004 01:00, Bart Baaten wrote:

> The session ID will always remain inside the session as long as you're in the session.
> http://www.php.net/manual/en/function.session-id.php
> You don't have to 'send' it, it's already there.

And to 'stay in the session', the session id has to be propagated from page to page whether by cookies, URL or form. In other words you *have* to send it one way or another.

--
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design Hosting * Internet Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-db
--
/*
Eating chocolate is like being in love without the aggravation.
*/
RE: [PHP-DB] How to send a SID in a security way
What about writing a function that will store some of those required variables into a db. Then on the second site, open a link to the first db and query for those values that you need?

bastien

From: Andre Matos [EMAIL PROTECTED]
To: 'Matt M.' [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: RE: [PHP-DB] How to send a SID in a security way
Date: Fri, 22 Oct 2004 12:59:00 -0400

Hi Matt,

I am trying to solve my problem to have one browser accessing two different applications (each one in a different window) where each application has its own and unique sessionID. I really don't want to use cookies because I would need the user to enable the option to accept cookies in the browser. However, I am afraid to pass the sessionID on the URL because someone can catch it. I am currently using SSL.

Can you see any solution for my problem?

Thanks.

--
Andre Matos
[EMAIL PROTECTED]
RE: [PHP-DB] How to send a SID in a security way
I'm sorry - but performing a slight bastardization of Occam's Razor is the best way to solve this dilemma.

You have two web-based php applications that you have written yourself, and you have a single user (and browser) who wants to access those applications. The applications reside on the same web server, and as far as I have gathered - there is no intention to change that.

The solution is simple - or at least straightforward - at the top of your scripts, pull in your 'local session' from the $_SESSION variable - and make sure all writes go back out to the same location. You still only have one session, but you have two (or more) distinct namespaces within that session, one for each application, which you use to refer to that application's variables. It will mean rewriting anywhere you're referencing these variables - but your only other real alternative is to serve each application up from a different webhost.

You'd do best to write your applications to be 'cautious' with $_SESSION anyways, and only pollute discrete parts of it, because that way you can easily use other people's code that works similarly. (e.g. if I write my application and name it cool_stuff and only write to $_SESSION['cool_stuff'] - then we don't have to worry about overwriting one another's $_SESSION['username'])

    $app_name = 'cool_stuff';
    $username = $_SESSION[$app_name]['username'];

Any solution you come up with today should definitely scale to 3 or more applications, otherwise you'll just have to rewrite 2 (or more!) solutions later on down the line.

- Martin Norland, Database / Web Developer, International Outreach x3257

The opinion(s) contained within this email do not necessarily represent those of St. Jude Children's Research Hospital.
-Original Message-
From: Bastien Koert [mailto:[EMAIL PROTECTED]
Sent: Friday, October 22, 2004 12:22 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP-DB] How to send a SID in a security way

What about writing a function that will store some of those required variables into a db. Then on the second site, open a link to the first db and query for those values that you need?

bastien
RE: [PHP-DB] How to send a SID in a security way
I had thought about this idea to store the session information in a database. However, what happens if a user just closes the browser without logging out of the application, or if the browser crashes? The session will be in the database and the user is gone. How to track this?

Thanks.

Andre

--
Andre Matos
[EMAIL PROTECTED]

-Original Message-
From: Bastien Koert [mailto:[EMAIL PROTECTED]
Sent: Friday, October 22, 2004 1:22 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP-DB] How to send a SID in a security way

What about writing a function that will store some of those required variables into a db. Then on the second site, open a link to the first db and query for those values that you need?

bastien
RE: [PHP-DB] How to send a SID in a security way
Write a function that gets called frequently (or with a cron job) to clean out session records every half an hour or so... Each time a page loads with those session vars, update the timestamp in that record.

bastien

From: Andre Matos [EMAIL PROTECTED]
To: 'Bastien Koert' [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: RE: [PHP-DB] How to send a SID in a security way
Date: Fri, 22 Oct 2004 14:19:05 -0400

I had thought about this idea to store the session information in a database. However, what happens if a user just closes the browser without logging out of the application, or if the browser crashes? The session will be in the database and the user is gone. How to track this?

Thanks.

Andre

--
Andre Matos
[EMAIL PROTECTED]
RE: [PHP-DB] How to send a SID in a security way - SOLVED!!!
Hi list,

Thanks to all the people who tried to help me with my session problem. I have found a simple and easy way to have two web-based php applications running on the same server and having one user using both in the same web browser (two different windows or tabs).

I did this in one system:

    session_name("System1");
    session_start();

and this in the other system:

    session_name("System1");
    session_start();

Now I can have my two applications running in the same browser at the same time.

Thanks for all the help that I received!!!

Andre

--
Andre Matos
[EMAIL PROTECTED]

-Original Message-
From: Andre Matos [mailto:[EMAIL PROTECTED]
Sent: Friday, October 22, 2004 12:59 PM
To: 'Matt M.'
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP-DB] How to send a SID in a security way

Hi Matt,

I am trying to solve my problem to have one browser accessing two different applications (each one in a different window) where each application has its own and unique sessionID. I really don't want to use cookies because I would need the user to enable the option to accept cookies in the browser. However, I am afraid to pass the sessionID on the URL because someone can catch it. I am currently using SSL.

Can you see any solution for my problem?

Thanks.

--
Andre Matos
[EMAIL PROTECTED]
RE: [PHP-DB] How to send a SID in a security way - SOLVED!!!
Andre,

Did you intend to write that both sessions have the same name? Doesn't that result in the same issue with the session identification?

dave

Andre Matos [EMAIL PROTECTED]
10/22/2004 03:25 PM
To: [EMAIL PROTECTED]
cc:
Subject: RE: [PHP-DB] How to send a SID in a security way - SOLVED!!!

Hi list,

Thanks to all the people who tried to help me with my session problem. I have found a simple and easy way to have two web-based php applications running on the same server and having one user using both in the same web browser (two different windows or tabs).

I did this in one system:

    session_name("System1");
    session_start();

and this in the other system:

    session_name("System1");
    session_start();

Now I can have my two applications running in the same browser at the same time.

Thanks for all the help that I received!!!

Andre

--
Andre Matos
[EMAIL PROTECTED]
RE: [PHP-DB] How to send a SID in a security way - SOLVED!!!
I think he meant one was named System1 and the other System2.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday 22 October 2004 22:34
To: Andre Matos
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP-DB] How to send a SID in a security way - SOLVED!!!

Andre,

Did you intend to write that both sessions have the same name? Doesn't that result in the same issue with the session identification?

dave
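Added example (not part of the original thread, and not any poster's code): the outcome of the discussion put together, with a distinct session name per application, the ID carried only in a cookie over SSL rather than in URLs or form fields, and each application's data kept under its own $_SESSION key. The function names and the paths /system1/ and /system2/ are hypothetical; the array form of session_set_cookie_params() needs PHP 7.3+.

```php
<?php
// Added example, not code from the thread. App names and paths are assumptions.
declare(strict_types=1);

/**
 * Start a session that belongs to one application on a shared host.
 */
function start_app_session(string $appName, string $cookiePath): void
{
    // session_name() accepts only alphanumerics and must not be all digits.
    if (!preg_match('/^(?=.*[A-Za-z])[A-Za-z0-9]+$/', $appName)) {
        throw new InvalidArgumentException('invalid session name');
    }

    // Propagate the ID by cookie only: never accept it from, or write it into, URLs.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse session IDs that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,            // dropped when the browser closes
        'path'     => $cookiePath,  // only sent with requests under this path
        'secure'   => true,         // only sent over HTTPS
        'httponly' => true,         // not readable from page scripts
        'samesite' => 'Lax',
    ]);

    session_name($appName);         // must run before session_start()
    session_start();

    // Keep this application's variables under its own key as well, so shared
    // code cannot overwrite another application's $_SESSION['username'].
    if (!isset($_SESSION[$appName])) {
        $_SESSION[$appName] = [];
    }
}

/**
 * Record a successful login. The ID is replaced first so that an ID known
 * before authentication is worthless afterwards.
 */
function login(string $appName, string $username): void
{
    session_regenerate_id(true);
    $_SESSION[$appName]['username'] = $username;
}

// In application 1's bootstrap script:
start_app_session('System1', '/system1/');

// In application 2's bootstrap script (a separate file):
// start_app_session('System2', '/system2/');
```

With different names the browser holds two cookies, System1 and System2, so each window resolves to its own server-side session; with the same name in both, the two applications would share one.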