session encryption/security

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
aceconcepts
DevNet Resident
Posts: 1424
Joined: Mon Feb 06, 2006 11:26 am
Location: London

session encryption/security

Post by aceconcepts »

Hi,

I am very cautious when it comes to using session.

Without having to consider SSL certificates, is there a way to encrypt/secure sessions?

I will be passing session ids throughout one site. I just want to make sure no "outsider" can read/capture the session id.

Thanks
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

Anything sent unencrypted over the wire can potentially be read. You could improve security by changing the ID on every page request.
Post Reply