
Changing session data...

edited January 2006 in Vanilla 1.0 Help
I'm just making a wee thing here for school, and though security isn't a major issue I thought it was worth having a quick think about it. All the login and stuff relies on sessions (couldn't be bothered with cookies), primarily the ID in the session. How difficult is it to change this within the session? Should I add in extra protection?

Comments

  • lechlech Chicagoland
    I don't necessarily see the point of it, my server seems to ignore cookies and just throws me a session upon login, and that session expires the moment I close out the browser :|
  • Don't see the point of what?
  • If you're talking about passing the session id around in the query string, just md5hash it and it's next to impossible to spoof.
  • I mean, md5hash it with some other identifier, like username or some such
This discussion has been closed.
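
The idea in the last two comments (tie the session id to another identifier with a hash) can be written as a tamper check. This is an added example, not code from the thread or from Vanilla. It goes beyond the thread by swapping the plain MD5 for a keyed HMAC-SHA256, and every name in it (`SERVER_KEY`, `issue_token`, `verify_token`, `unkeyed_tag`) and the token layout are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: a random server-side secret, generated here so the example runs;
# a real application would load it from configuration and keep it private.
SERVER_KEY = secrets.token_bytes(32)


def unkeyed_tag(session_id: str, username: str) -> str:
    """md5(session id + username) as suggested in the thread.

    No secret goes into this value, so it depends only on its two inputs
    and cannot show that the server was the one who issued it.
    """
    return hashlib.md5(f"{session_id}:{username}".encode()).hexdigest()


def issue_token(session_id: str, username: str, key: bytes = SERVER_KEY) -> str:
    """Return 'session_id.username.tag', tag = HMAC-SHA256(key, id.username)."""
    msg = f"{session_id}.{username}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{session_id}.{username}.{tag}"


def verify_token(token: str, key: bytes = SERVER_KEY):
    """Return (session_id, username) when the tag matches, otherwise None."""
    try:
        # The session id and the tag contain no dots, so split from both ends;
        # this keeps usernames that contain dots intact.
        session_id, rest = token.split(".", 1)
        username, tag = rest.rsplit(".", 1)
    except ValueError:
        return None
    msg = f"{session_id}.{username}".encode()
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    # Constant-time comparison so timing does not reveal how much matched.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return session_id, username


if __name__ == "__main__":
    sid = secrets.token_hex(16)            # constructed sample session id
    token = issue_token(sid, "alice")      # constructed sample username
    print(verify_token(token))                              # accepted
    print(verify_token(token.replace("alice", "admin", 1))) # rejected: None
```
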