
Is it secure to store values in session?

I am developing a web application where UserId and RoleId play a vital role... Is it secure to store these values in session? Some others can be hidden field, cookie... Which is more secure?

Any suggestion for this...

ACP asked Dec 22 '09 03:12




1 Answer

Sessions are more secure than cookies and hidden fields because they are kept on the server. Cookies usually shouldn't contain sensitive data, even encrypted, as users have direct access to them. Hidden fields are also sent to the client, but simply not displayed. Therefore, using tools such as Firebug, you can easily display this content.

There are various places you can store the session, such as in memory (if you're not using them much) or have a SQL server maintaining them. You can get more information on sessions here. Sessions are secure because of the fact that they are stored server side.

keyboardP answered Oct 24 '22 12:10
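An added example, not part of the original question or answer: a minimal in-memory sketch of the server-side session pattern the answer describes, where the client holds only an opaque session id and authorization reads UserId and RoleId from the server's copy. The names `SessionStore`, `handle_request`, `sid` and `SESSION_TTL` are hypothetical, and the sample values are constructed.

```python
import secrets
import time

SESSION_TTL = 1800  # seconds; assumed idle timeout for this sketch


class SessionStore:
    """In-memory server-side session store (hypothetical, for illustration)."""

    def __init__(self):
        self._sessions = {}  # session id -> {"user_id", "role_id", "expires"}

    def create(self, user_id, role_id, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # opaque, unguessable; carries no data
        self._sessions[sid] = {"user_id": user_id, "role_id": role_id,
                               "expires": now + SESSION_TTL}
        return sid

    def load(self, sid, now=None):
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        if entry is None or entry["expires"] < now:
            self._sessions.pop(sid, None)  # drop expired or unknown ids
            return None
        return entry


def handle_request(store, cookies, form, required_role):
    """Authorize from the server-side session only; client fields are ignored."""
    session = store.load(cookies.get("sid", ""))
    if session is None:
        return 401, None
    # form.get("RoleId") is client-controlled, so it never reaches this check.
    if session["role_id"] != required_role:
        return 403, session["user_id"]
    return 200, session["user_id"]


def demo():
    store = SessionStore()
    sid = store.create(user_id=42, role_id="user")  # constructed sample values
    tampered_form = {"UserId": "1", "RoleId": "admin"}  # edited hidden fields
    return [
        handle_request(store, {"sid": sid}, tampered_form, "admin"),
        handle_request(store, {"sid": sid}, tampered_form, "user"),
        handle_request(store, {"sid": "guessed-id"}, {}, "user"),
    ]


if __name__ == "__main__":
    print(demo())
```

The session id cookie itself still needs protecting in transit and from script access, since anyone holding it is treated as that user.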