I need a way to pass a variable between two page in a secure way.
I know that I can use POST / GET / Cookie / Session or hidden fields but I think none of these ways aren't secure enough because :
get can be seen in the url
cookies is a client side so it can be change from client
session can confront Session ID hijacking and ...
Now I want to know is there another ways better than these ways and if there isn't witch of these is the best way to pass variables in secure manner;
Session is the most secure method you have available.
Session id regeneration will help against session hijacking, but SSL via https will really protect against it.
BTW: If the session is hijacked and you're displaying user data to the client, it doesn't matter how you got the data to the second page, the hijacker will see it. If you're only using it server side, the hijacker won't see it.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With