StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
3097818
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
2
CommunityOwnedDate
CreationDate
2010-06-22T23:13:46.430
FavoriteCount
0
LastActivityDate
2010-06-23T13:31:33.707
LastEditDate
2010-06-23T13:31:33.707
LastEditorUserId
318907
OwnerUserId
318907
ParentId
3097307
PostTypeId
2
Score
5
ViewCount
0
LastEditorDisplayName
text
Body
Some basics about standard sessions (with cookies): When a user visits your site for the first time, <a href="http://php.net/manual/en/function.session-start.php" rel="nofollow noreferrer">session_start</a>() will create a file using a hash as filename (more or less random (<a href="http://svn.php.net/viewvc/php/php-src/trunk/ext/session/session.c?revision=297232&view=markup#l344" rel="nofollow noreferrer">*</a>) (see <a href="http://www.php.net/manual/en/function.session-save-path.php" rel="nofollow noreferrer">session_save_path</a>()). PHP will store all $_SESSION variables within that file. At the same time the user gets a cookie with that hash (session id). Is the user requesting another site (sends the cookie with the session id) PHP will check if the file with that hash exists. If it does, everything within will be read into $_SESSION. Everything the user has contact with, is the hash. As long as you sanitize everything you're writing into $_SESSION (coming from the user), there is no need to check again when reading those values. <hr> All you need to do is, to make it (from your side) as hard as possible to "steal" the session id (..or use it). A good start is to allow cookies only. Session ids in the URL end up being copy/pasted or cached by search engines <pre><code>ini_set('session.use_cookies' ,1); ini_set('session.use_only_cookies',1); ini_set('session.use_trans_sid' ,0); </code></pre> before session_start() should do it, see <a href="http://php.net/manual/en/session.configuration.php" rel="nofollow noreferrer">Session Configuration</a> for more info. deleting the current session, creating a new one (new hash) forces a possible attacker to act quickly <pre><code>session_regenerate_id(true); </code></pre> after session_start() does exactly that. (<a href="http://php.net/manual/en/function.session-regenerate-id.php" rel="nofollow noreferrer">session_regenerate_id</a>()) Saving the users IP (partly) and destroying the session if it changes is another option <pre><code>// first call: $_SESSION['userip'] = $_SERVER['REMOTE_ADDR']; //following calls: if ($_SESSION['userip'] != $_SERVER['REMOTE_ADDR']) { session_destroy(); } </code></pre> You could run into trouble with that one, since there might be some users changing IP quite frequently.. other $_SERVER vars could be used as well ($_SERVER['HTTP_USER_AGENT'] for example). (<a href="http://php.net/manual/en/reserved.variables.php" rel="nofollow noreferrer">Predefined Variables</a>) There are a few other things you can do (crypt the SID so people wont know the filename, HTTPS is always nice, ..) but that should get you started. Google will certainly find some nice tutorials on "<a href="http://www.google.com/search?hl=en&q=session+security" rel="nofollow noreferrer">session security</a>". Edit: fixed Links.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POShould I sanitise my sessions in php?
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USKuchen
UserOwnerUserId
1. USKuchen
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POShould I sanitise my sessions in php?
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COHey man, this is brilliant - really appreciated.
 singulars
 PostPostId
 PO
 UserUserId
 USHaroldo
2. CO"Saving the users IP (partly) and destroying the session if it changes is another option" Gotta love when you move to a new AP and your session gets destroyed...</sarcasm>
 singulars
 PostPostId
 PO
 UserUserId
 USL̲̳o̲̳̳n̲̳̳g̲̳̳p̲̳o̲̳̳k̲̳̳e̲̳̳

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.