I'm developing some additional functionality for a client's website that uses the email address as a key lookup variable between various databases (email marketing system, internal prospect database, and a third shared DB that helps bridge the gap between the two).
I'm concerned that storing a visitor's email address as a $_SESSION variable could lead to security issues (not so much for our site, but for the visitor).
Anybody have suggestions or experience on whether this is okay to do, or if there's another alternative out there?
It is important to understand the difference between how $_SESSION variables are stored and how cookies are used to retrieve them. All data in the session is stored on the server (in /tmp by default, I believe), and persisted between requests. No session data is stored directly in a cookie by default.
However, PHP will store a cookie with a unique id that identifies your user with a particular session (hence how the same information can be retrieved over different requests).
If the cookie with the session id is compromised, another user can impersonate someone with that session. This includes authenticated sessions, where a user has already logged in. If this happens, chances are you'll have bigger problems than exposing an email address.
It wouldn't be a bad idea to use some kind of user id in your session, as opposed to the email address. However, there are a number of other, probably more useful, ways to add security to your session.
See this question: PHP Session Security
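As an added example that is not part of the answer above, the following PHP puts the two points together: the session id cookie is the only thing the browser holds, so its flags and the id lifecycle are what need hardening, and the session then carries an internal prospect id rather than the address. The function names, the idle timeout and the id value 42 are the example's own assumptions; resolving an address to an id is assumed to happen elsewhere.

```php
<?php
// Added example, not code from the answer above: start a PHP session with the
// cookie and id handling hardened, and keep an internal id rather than the
// e-mail address in it. Function names and constants are assumptions.

declare(strict_types=1);

const SESSION_IDLE_SECONDS = 1800; // assumed idle timeout for this example

function start_hardened_session(): void
{
    // The session id cookie is the only secret the browser holds, so it must
    // be unreadable to script (httponly), sent only over TLS (secure) and not
    // attached to cross-site requests (samesite).
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie, discarded when the browser closes
        'path'     => '/',
        'domain'   => '',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
    ini_set('session.use_strict_mode', '1');  // refuse ids the server never issued
    ini_set('session.use_only_cookies', '1'); // never take the id from the URL
    session_start();

    // Throw away sessions that have been idle too long; a stolen id is then
    // only useful for a bounded window.
    if (isset($_SESSION['last_seen'])
        && time() - (int) $_SESSION['last_seen'] > SESSION_IDLE_SECONDS) {
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['last_seen'] = time();
}

function bind_prospect(int $prospectId): void
{
    // A fresh id whenever the session gains meaning defeats session fixation:
    // an id an attacker planted before this point is no longer valid.
    session_regenerate_id(true);
    // Store the internal key, not the address, so a leaked session reveals
    // less and the address itself is never echoed from session state.
    $_SESSION['prospect_id'] = $prospectId;
}

function current_prospect_id(): ?int
{
    return isset($_SESSION['prospect_id']) ? (int) $_SESSION['prospect_id'] : null;
}

// Usage on a request that has just resolved a visitor to an internal id
// (42 is a constructed value for the example):
start_hardened_session();
bind_prospect(42);
```

With `use_strict_mode` on, PHP discards any id it did not generate itself, which closes the simplest fixation path (an attacker handing the victim a URL or cookie with a chosen id); `session_regenerate_id(true)` also deletes the old server-side file rather than leaving it readable under the previous id.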
There isn't anything inherently dangerous about storing values in $_SESSION. It all depends on whether you provide code that would inadvertently output them to the browser.
You could use part of the email address in the variable. So for example, you could use the name joe from the e-mail joe@bloggs.com. Then use another parameter to perform the search.
Also, always use mysql_real_escape_string() when passing variables to the database, and add in some backslashes for good measure.
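As an added example that is not the answer's own code, here is the lookup keyed by e-mail done with a bound parameter, so the driver handles quoting and a hostile address can never change the shape of the query. It uses an in-memory SQLite table with two constructed rows so it runs offline; the table and column names, and lowercasing the address before it is used as a cross-database key, are assumptions of the example.

```php
<?php
// Added example, not the answer's code: resolve an e-mail address to an
// internal id with a prepared statement. The schema and rows are constructed
// for the example; normalization rules are assumptions.

declare(strict_types=1);

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE prospects (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL)');

    // Constructed sample rows, one of them containing a quote character that
    // would break naive string concatenation.
    $ins = $pdo->prepare('INSERT INTO prospects (email) VALUES (:email)');
    foreach (['joe@bloggs.com', "o'brien@example.com"] as $email) {
        $ins->execute([':email' => $email]);
    }
    return $pdo;
}

function normalize_email(string $email): ?string
{
    // Trim and lowercase so the same person matches across the marketing,
    // prospect and bridge databases (assumed key rule), then reject anything
    // that is not syntactically an address before it reaches the query.
    $email = strtolower(trim($email));
    return filter_var($email, FILTER_VALIDATE_EMAIL) === false ? null : $email;
}

function find_prospect_id(PDO $pdo, string $rawEmail): ?int
{
    $email = normalize_email($rawEmail);
    if ($email === null) {
        return null; // malformed input never touches the database
    }
    // The value is bound, not interpolated: no escaping or backslashes needed,
    // and "' OR 1=1 --" is just an address that matches no row.
    $stmt = $pdo->prepare('SELECT id FROM prospects WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

$pdo = open_demo_db();
var_dump(find_prospect_id($pdo, "  O'Brien@example.com "));
var_dump(find_prospect_id($pdo, "joe@bloggs.com' OR 1=1 --"));
var_dump(find_prospect_id($pdo, "nobody@example.com"));
```

The first call finds the row despite the apostrophe, and the second returns no row because the bound value is compared literally; neither mysql_real_escape_string() nor extra backslashes play a part, which is the point of binding.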