Let’s say I created a portable application (Version 1) which uses PHP cookies to store user information.
I call it “myApp.exe”.
Now let’s say 3 months later I release Version 2 called “anotherApp.exe”
Both “myApp.exe” and “anotherApp.exe” use the same GUID, but have different content (e.g. different images, videos, etc.)
Question:
As long as the user does not delete the previous .USERPREF file generated by “myApp.exe”, but only replaces “myApp.exe” with “anotherApp.exe”, then the new app can still access the cookies in the .USERPREF file right?
Or must I also name Version 2 as “myApp.exe” instead of “anotherApp.exe” in order to access the saved cookies?
Hope this is not too confusing. Thanks very much for your clarification.
<?php
echo "Current time is: ".date('H:i:s')." ";
if(exo_getglobalvariable ('key','default_value')=='default_value')
{
$time = date('H:i:s');
exo_setglobalvariable ('key',$time,true);
}
echo "Session time is: ".exo_getglobalvariable ('key','something wrong');
?>
If you have got application a.exe, a.pref after first run session time will be set, close the a.exe
copy a.exe -> b.exe, a.userpref -> b.userpref
when you run b.exe your session time will be the same as in a.userpref
So every.exe is bind to every.userpref
Maybe it would be good to allow to set some security on this subject, because now it is possible to read session settings one application in another.
Good is that cracker have to buy software and good that cracker have to use bruteforce to find global variable name. But if you sell something in thousands it is possible that they find it and break your rules
Thanks Servage, appreciate your help Your test result is as I expected. I believe Global Variable’s behavior is the same as PHP cookies in this instance, and so it is safe to say that a cookie created by “a.exe” can also be read by “b.exe”, if they share the same GUID.
(GDG please confirm this. Also, will future versions retain this behavior?)
This behavior actually works to my advantage as I need the user’s cookie information to remain the same in the .USERPREF file, and for a new .EXE file to be able to read this old .USERPREF file.
This way I can just send them the new .EXE file (e.g. when I come up with an updated version of my app) and it would automatically be able to find the old cookie information by reading the old .USERPREF file.
As for security, I think as long as there is an external file (i.e. not compiled into the EXE), a cracker can crack it. And even then, a very determined cracker can still decompile the EXE .
I send for my user only exe file, and every settings are read from the same .userpref dependent on exe name (only when you make your application as portable)
When you don’t use portable option your application sessions use GUID of your application and is saved somewhere in user windows profile
Yes, they will share the cookies if they have the same GUID. Now you could add an easy check to your .userpref file: just save the current GUID (or anything else unique to “a.exe”) in a global variable. And use HEScript (or PHP) to detect whether this global variable contains the correct value or not.
and break your rules