0

Is it possible for any extensions like phpFire for Firebug to access server side session variables? Without the any access to the websites server.

I want to make sure I don't put any sensitive data into server session variables. If not are my server side session variables safe from anything outside the server itself?

Thanks

Paddy
  • 37
  • 8
  • 1
    your sessions are mostly safe, there's a few exploit options, but in most cases you can assume they are fine. Remember the actual session data is stored on your server, not the clients machine –  May 29 '14 at 23:52
  • Would you consider storing a password in a server session variable safe? A encrypted password that is. – Paddy May 29 '14 at 23:56
  • there should never be the need to store a password in a session –  May 29 '14 at 23:57
  • But say you needed to, would you say that was unsafe? – Paddy May 29 '14 at 23:59
  • http://security.stackexchange.com/questions/18991/is-it-safe-to-store-password-in-php-session http://stackoverflow.com/questions/19895925/can-i-securely-store-username-and-password-in-php-session-variables et al –  May 30 '14 at 00:01
  • I guess you are talking about ['FirePHP'](https://addons.mozilla.org/firefox/addon/firephp/), not 'phpFire', right? – Sebastian Zartner May 30 '14 at 06:36
  • Yeah, FirePHP. The extension to Firebug. – Paddy Jun 02 '14 at 13:55

0 Answers0