PHP Tips and Tricks
PHP Tips and Tricks
Just wondering, whats the difference between passing variables via session and passing variables via post .. atleast with session, the variables are always global .. so wouldnt it be better to do it that way?
- hallsofvallhalla
- Site Admin
- Posts: 12023
- Joined: Wed Apr 22, 2009 11:29 pm
Re: PHP Tips and Tricks
post is much more secure while session variables can be potentially dangerous to cheat
session variables in plain text can be sniffed. There are also programs out there that can take memory snapshots.
If you are making a game where you plan to have a host of different people playing then you are going to have some moron thinking he is a hacker and trying to cheat. There are ways to stop it, but I personally use post and get methods because they die after page is loaded. You can encrypt a get method also to scramble it when sending it through the URL.
session variables in plain text can be sniffed. There are also programs out there that can take memory snapshots.
If you are making a game where you plan to have a host of different people playing then you are going to have some moron thinking he is a hacker and trying to cheat. There are ways to stop it, but I personally use post and get methods because they die after page is loaded. You can encrypt a get method also to scramble it when sending it through the URL.
Re: PHP Tips and Tricks
Hmm I thought it was the other way around. I thought session was hidden, I can easily see post variables. Atleast on sending.
I thought session was stored on the server, with the end user getting a key that allows the server to auth them.
I thought session was stored on the server, with the end user getting a key that allows the server to auth them.
- hallsofvallhalla
- Site Admin
- Posts: 12023
- Joined: Wed Apr 22, 2009 11:29 pm
Re: PHP Tips and Tricks
just depends if you set it up with a key, how can you see post variables? not get...
Re: PHP Tips and Tricks
You can convert them to gets actually.
Re: PHP Tips and Tricks
so session or post is more secure???
Re: PHP Tips and Tricks
I'd say session, depending on use. For example, login cookies are always session.
Re: PHP Tips and Tricks
id say session too .. as the sessions are kept on the server ..Noctrine wrote:I'd say session, depending on use. For example, login cookies are always session.
- hallsofvallhalla
- Site Admin
- Posts: 12023
- Joined: Wed Apr 22, 2009 11:29 pm
Re: PHP Tips and Tricks
how would you convert a post to a get, please tell
- hallsofvallhalla
- Site Admin
- Posts: 12023
- Joined: Wed Apr 22, 2009 11:29 pm
Re: PHP Tips and Tricks
thats what I thought, no way to get post variables that i know of, not form the "player side"