NetTalk Central

NetTalk Web Server => Web Server - Ask For Help => Topic started by: rupertvz on August 07, 2017, 01:41:39 AM

Title: Security Question: Session Values
Post by: rupertvz on August 07, 2017, 01:41:39 AM: Hi Guys,

How secure are session variables / values?

Are these running on the server side, or would a browser be able to reveal the contents?
Title: Re: Security Question: Session Values
Post by: Bruce on August 07, 2017, 09:46:38 PM: So within a specific session I would not describe them as "secure".
In other words there is no specific goal to prevent a user from seeing their own session values.

That said, they're not easy to inspect - offhand I can't think of any overt ways to do it - but making them "secret" to the user has not been a goal. (In the absence of security goals, one should assume they are insecure.)

However I'm pretty sure one user would not be able to access the session values for another user (assuming the site is secure with TLS of course.)

Cheers
Bruce

SMF 2.0.19 | SMF © 2021, Simple Machines