close ad
Install the LAtest Updates to Work with CC 2017 and CC 2018
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Session Security

Thread began 9/23/2009 11:22 am by shaun.andrews | Last modified 9/23/2009 4:35 pm by Eric Mittman | 1077 views | 2 replies |

shaun.andrews

Session Security

I have a question regarding Security Assist and Session Security.

I have Security Assist create Session data from my database on Authentication and I am wondering how 'secure' the Session Data is?

I've been reading a bit about Web Security and Session HiJacking etc.. and as some of the information I am recalling from the database is sensitive I want to be sure there's very little chance of someone to be able to access the data.

Is it safe to use the session start command on pages that you are carying session data over to?

if (!isset($_SESSION)) {
session_start();
}

Your Feedback would be appreciated,

Sign in to reply to this post

tom92909Beta Tester

Hi Shaun,

If you're looking for more peace of mind related to privacy, I personally would recommend making all page accesses to your pages utilize a SSL certificate.

Just make sure that all page links go to https://

Your question really relates to the WA extension, but the addition of SSL is an extra element that I would include on your site.

Sign in to reply to this post

Eric Mittman

I have looked into this issue a little and in order for a session to be impersonated or hijacked the session identifier would need to be obtained first. From what I have seen and read this vulnerability occurs when using session id's that occur from a get variable. I'm not aware of any of our code that relies on this method for the session variable. So impersonating a session or hijacking it should not be of concern with the code our tools produce. If you have some other info about this or a specific issue associated with this please let us know.

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...