phpBB sessions

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
hihab11852
Registered User
Posts: 13
Joined: Wed Dec 11, 2019 8:21 pm

phpBB sessions

Post by hihab11852 »

Hi there, I am coding a script that detects any suspicious activity (example: uploading shells to the server, etc.) and works great, but I was thinking of searching the session id thought the access.log on Apache2 so they can get their IP and account banned.
I used phpinfo(); for session.save_path but in the directory, there are not the session files.
Where is the location of them?

EDIT: I know that some "hackers" or "script kiddies" will going to change their IP thought any VPN, but I am already done on that part.

Also i was wondering if there is a way to hide the session id from the url for more security (example: save on a cookie)?

Thanks.

User avatar
david63
Registered User
Posts: 17400
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: phpBB sessions

Post by david63 »

hihab11852 wrote:
Fri Jan 03, 2020 9:23 pm
Where is the location of them?
sessions t5able in the database
hihab11852 wrote:
Fri Jan 03, 2020 9:23 pm
Also i was wondering if there is a way to hide the session id from the url for more security (example: save on a cookie)?
If cookies are set up correctly then once a user is logged in the session id is hidden
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

hihab11852
Registered User
Posts: 13
Joined: Wed Dec 11, 2019 8:21 pm

Re: phpBB sessions

Post by hihab11852 »

Thanks :)
david63 wrote:
Fri Jan 03, 2020 9:32 pm
If cookies are set up correctly then once a user is logged in the session id is hidden
How?

User avatar
Lumpy Burgertushie
Registered User
Posts: 67390
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: phpBB sessions

Post by Lumpy Burgertushie »

it simply is no longer needed in the url and is not shown.
remember, if you are admin and logged into the admin panel, I believe the sid remains in the url for your session.


if this was some type of security issue I can assure you it would have been taken care of a long time ago by the developers.

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?

hihab11852
Registered User
Posts: 13
Joined: Wed Dec 11, 2019 8:21 pm

Re: phpBB sessions

Post by hihab11852 »

Lumpy Burgertushie wrote:
Sat Jan 04, 2020 12:55 am
remember, if you are admin and logged into the admin panel, I believe the sid remains in the url for your session.
It happens the same for all users
Last edited by hihab11852 on Mon Jan 06, 2020 12:31 am, edited 1 time in total.

User avatar
warmweer
Jr. Extension Validator
Posts: 4273
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium

Re: phpBB sessions

Post by warmweer »

hihab11852 wrote:
Sun Jan 05, 2020 11:17 pm
Lumpy Burgertushie wrote:
Sat Jan 04, 2020 12:55 am
remember, if you are admin and logged into the admin panel, I believe the sid remains in the url for your session.
It happens for all
Please post the Support Request Template to provide more information (and we can do some elementary checking on the cookie-settings).
We should embrace problems, without which there wouldn't be any solutions.

Post Reply

Return to “[3.2.x] Support Forum”