Session Security Tips and Help Needed
Posted: Wed Feb 01, 2006 6:23 am
by khaki_monster
How do I keep my sessions safe?
cheerz!
Posted: Wed Feb 01, 2006 6:41 am
by Jenk
Is there anything in particular you need answering?
That is quite a vague question.. some of the generics are:
Set PHP to use cookie only for the session id (i.e. so it doesn't use GET variables in the URI)
Use databases to store session info. Not a 'must' but on shared hosting sometimes session data is stored in shared directories.. still doesn't generate a huge security risk, in fact can be a negligible difference, but decreases the availability of the data to others.
Regenerate a session ID whenever the user logs in (i.e. if they logout, then re-enter their username/pass) - giving them a fresh, new 'key' as it were to the session data.
Anything else and you will have to be more specific to what you require.

Posted: Wed Feb 01, 2006 6:51 am
by khaki_monster
This PHP matter is totally new to me... so ("and sorry") I'm not really sure how to throw a question.
But I'm glad most of my questions are answered,

though my English grammar suckz.
cheerz!
Posted: Wed Feb 01, 2006 6:53 am
by Jenk
No worries, if you stumble across any particular problems, post on these forums with the relevant sections of code and myself and/or others will be happy to assist (in most cases).