Hidden sessions

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Hidden sessions

    PHP Code:
    $_SESSION['sid'] = put here the encrypted value to be used as session$_SERVER['PHPSESSID'], $PHPSESSIDsession_id() 
    you can use any of them..
    Last edited by kiLLeR-eyEd_14; 05.01.10, 11:03.
    My Blog: http://jhommark.blogspot.com
    My Facebook: http://www.facebook.com/jhommark
    My Official Site: http://www.undergroundweb.tk
    My Community Site: http://undergroundwap.xtreemhost.com

    #2
    I dont understand use them as in how
    http://myfacepals.com
    MYFACEPALS SOCIAL NETWORKsigpic

    Comment


      #3
      what is this?

      Comment


        #4
        It depends on your script..Example: on lavalair login.php
        PHP Code:
        mysql_query("INSERT INTO ibwf_sessions SET id='".session_id()."' WHERE uid='".getuid_nick($_GET['loguid'])."', expiretm='".(time() + (24*60*60))."'"); 
        you then inserted it into the database..Then in every top of a file like index.php..assign session_id() to $sid..
        PHP Code:
        $sid session_id(); 
        now, it will work..this will return your membership id..
        PHP Code:
        $uid getuid_sid($sid); 
        just analyze..this one is the link to your profile..
        PHP Code:
        index.php?action=viewuser&who=$uid 
        and then this, on logout
        PHP Code:
        index.php?action=logout&who=$uid 
        got my point?the thing i can tell you about this is to be wise 'cause they might abuse it by putting that url in an image source..once you executed that image with that url, example, the source is the logout url, then you will be logged out..
        Last edited by kiLLeR-eyEd_14; 05.01.10, 15:37.
        My Blog: http://jhommark.blogspot.com
        My Facebook: http://www.facebook.com/jhommark
        My Official Site: http://www.undergroundweb.tk
        My Community Site: http://undergroundwap.xtreemhost.com

        Comment


          #5
          So basically your hiding the real session ID... whats the point lol. Your site translates the user viewable session id into the hidden sid stored in the session. If i have the user viewable session and use it, your site is still gonna translate that into the hidden sid for me. I really dont see the point in such a modification???

          or did i understand it wrong :P

          Comment


            #6
            djlee, is right lol

            Build your own sid i have my script if you tryed to hack sid you only get username lmao
            Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
            Visit: WapMasterz Coming Back Soon!
            _______
            SCRIPTS FOR SALE BY SUBZERO
            Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
            FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
            _______
            Info & Tips
            php.net
            w3schools.com

            Comment


              #7
              i think you dont need to hide sid if you using $_SERVER['PHPSESSID'], $PHPSESSID, session_id() , you are hiding for cleanliness.
              Did I help you?
              You can help me too
              Your donations will help me finance my studies.

              Comment


                #8
                it only hiddes the sid, nothing more
                mysterio.al - programming is a functional art

                Comment


                  #9
                  That was just my past used thing or experience in having a session w/o getting it into a url that was done in lavalair..My only point is to give hidden sessions for them to experience having a session w/o having it in a url..
                  My Blog: http://jhommark.blogspot.com
                  My Facebook: http://www.facebook.com/jhommark
                  My Official Site: http://www.undergroundweb.tk
                  My Community Site: http://undergroundwap.xtreemhost.com

                  Comment


                    #10
                    If i got a coin for every topic like this.

                    Comment


                      #11
                      hiding sid will help lot of sites who getting hacked by image hack or stealing session.

                      this can be safe from noob hackers.

                      any guys using lava must try to hide sessions.
                      sigpic

                      WANT GOOD CHEAP HOSTING WITH 99% UPTIME? THEN PM ME FOR DETAILS!!

                      Comment


                        #12
                        Originally posted by thunderwap View Post
                        hiding sid will help lot of sites who getting hacked by image hack or stealing session.

                        this can be safe from noob hackers.

                        any guys using lava must try to hide sessions.
                        if you hide it - you will lose 50% or more of your users, you should better secure your site.
                        Advertise your mobile site for FREE with AdTwirl

                        Comment


                          #13
                          Just secure it. I dnt hide myn bt its secure.

                          Comment


                            #14
                            Originally posted by GumSlone View Post
                            if you hide it - you will lose 50% or more of your users, you should better secure your site.
                            yes, because some other phone does not supported by phpsessions

                            Originally posted by mobileGIGS View Post
                            Just secure it. I dnt hide myn bt its secure.
                            i think there is no need to hide the session if cookie is used
                            Did I help you?
                            You can help me too
                            Your donations will help me finance my studies.

                            Comment


                              #15
                              I just said i DONT hide mine :-/

                              Comment

                              Working...
                              X