WML, Sessions and Security

Author Topic: WML, Sessions and Security  (Read 257 times)

Offline beingchinmayTopic starter

  • Trade Count: (0)
  • Semi-Newbie
  • *
  • Thank You 0
  • Posts: 43
  • Karma: 0
  • Gender: Male
  • I am Chinmay
    • Fat Cutter
WML, Sessions and Security
« on: 10-10-2016, 03:59:45 »
One aspect of WAP devices of which you need to be aware is that many are not able to save cookies locally, as they’re not backed by a spare gigabyte or two of available disk space. This presents a problem for sessions, as you won’t be able to use the cookie mechanism to allow clients to provide their session ID to you.The alternative mechanism PHP provides is to add the session ID as a GET variable, rewriting every URL in your page to add a variable typically named PHPSESSID. This can be invoked by HAW_deck’s enable_session method, but comes at a price; non-relative URLs will not have the session ID added to them for the sake of security.

In cases where you need it, you can add the session ID yourself, like this:

Quote
<?php
session_start();
?>
<a href="http://www.sitepoint.com/?<?php echo SID;
?>">SitePoint</a>

Be careful not to add the session ID to external links; this will broadcast it to those linked sites, and can potentially lead to session hijacking.

Overall, as you can see, building a WML-based site is very easy. Yet, you may be wondering whether it’s worth it, given the limited number of people who surf that way. Let me just give you a tip—developers working in this area get paid almost twice what their HTML-based brethren receive. Enough said.


 

Related Topics

  Subject / Started by Replies Last post
2 Replies
2321 Views
Last post 06-05-2010, 09:34:39
by ryosuzuki
1 Replies
1415 Views
Last post 02-11-2011, 17:07:03
by Sevam
0 Replies
859 Views
Last post 03-13-2012, 20:06:49
by jenli29
1 Replies
831 Views
Last post 11-26-2012, 16:33:52
by patricka
2 Replies
442 Views
Last post 10-09-2016, 20:10:02
by Fermina Oropeza