<p>You cannot "spoof" HTTP requests. You send a request to the server, and the server responds appropriately.</p>
<p>I think what you are trying to prevent is cookie spoofing. Considering that cookies are stored on the client-side, there is nothing you can do to prevent users from modifying their contents.</p>
<p>Do not store sensitive information in your cookies. They are not secure and easily read and modified by the client.</p>
<p>Use PHP sessions instead. The full explanation on how sessions work and how to keep them secure can be read in <a href="https://stackoverflow.com/questions/1221447/what-do-i-need-to-store-in-the-php-session-when-user-logged-in/1225668#1225668">one of my previous answers</a>.</p>
<p>Essentially, securing sessions is done on two fronts:</p>
<ul>
<li><p><strong>Preventing session fixation</strong><br> Regenerate a new <code>session_id</code> every X number of requests in order to reduce the amount of time an attacker has to steal the id.</p></li>
<li><p><strong>Uniquely identify the client</strong><br> Use the IP and/or the User-Agent to uniquely identify the client and check that value on every page load against the ones stored in the session. These are really the only two choices you have to uniquely identify the client.</p></li>
</ul>
<p>Even with that in place, no solution is fool-proof and once your <code>session_id</code> is compromised, you are pretty much done for.</p>
<p>Again, for an in-depth explanation, please see <a href="https://stackoverflow.com/questions/1221447/what-do-i-need-to-store-in-the-php-session-when-user-logged-in/1225668#1225668">my previous answer</a>.</p>
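<p>As an added example (not part of the answer above, and not code from the linked answer), here is a small PHP session bootstrap that applies the two measures listed: it regenerates the session id every N requests and binds the session to a fingerprint of the client's User-Agent (and optionally its IP). The constants <code>ROTATE_EVERY</code> and <code>BIND_TO_IP</code>, the function names and the SHA-256 fingerprint scheme are this example's own choices, not anything the answer prescribes.</p>

```php
<?php
// Added example: session hardening along the lines of the answer above.
// ROTATE_EVERY, BIND_TO_IP and the fingerprint layout are assumptions of this example.
declare(strict_types=1);

const ROTATE_EVERY = 20;     // regenerate the id every 20 requests (assumed value)
const BIND_TO_IP   = false;  // IP binding evicts users whose address changes mid-session (mobile, proxies)

/** Derive a stable client fingerprint from the request headers. */
function client_fingerprint(array $server, bool $bindToIp = BIND_TO_IP): string
{
    $parts = [$server['HTTP_USER_AGENT'] ?? ''];
    if ($bindToIp) {
        $parts[] = $server['REMOTE_ADDR'] ?? '';
    }
    return hash('sha256', implode("\n", $parts));
}

/**
 * Start or resume the session and enforce both checks.
 * Returns true when the session is accepted, false when it was rejected and destroyed.
 */
function secure_session_start(array $server): bool
{
    // Cookie hardening: HttpOnly keeps scripts away from the id, Secure restricts it to TLS,
    // SameSite=Lax stops most cross-site submissions of the cookie.
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
    // Strict mode refuses session ids the server never issued, which defeats fixation
    // attempts that plant an id in the victim's browser before login.
    ini_set('session.use_strict_mode', '1');
    session_start();

    $fp = client_fingerprint($server);

    if (!isset($_SESSION['fp'])) {
        // Fresh session: record the fingerprint and start the request counter.
        $_SESSION['fp'] = $fp;
        $_SESSION['requests'] = 0;
    } elseif (!hash_equals($_SESSION['fp'], $fp)) {
        // Fingerprint mismatch: treat the id as stolen and discard the whole session.
        session_unset();
        session_destroy();
        return false;
    }

    if (++$_SESSION['requests'] >= ROTATE_EVERY) {
        // Rotate the id; true deletes the old session file so a copied id stops working.
        session_regenerate_id(true);
        $_SESSION['requests'] = 0;
    }
    return true;
}

// Usage at the top of a request handler:
if (!secure_session_start($_SERVER)) {
    http_response_code(403);
    exit('Session rejected');
}
```

<p>Two practical notes: call <code>session_regenerate_id(true)</code> additionally at every privilege change (login, role elevation), not only on the request counter, since that is the moment a fixated id would otherwise become valuable; and keep <code>BIND_TO_IP</code> off unless your users sit behind stable addresses, because a legitimate client whose IP changes is indistinguishable from a hijacked session under this scheme.</p>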