How do I keep my sessions safe?
cheerz!
Session Security Tips and Help Needed
Moderator: General Moderators
- khaki_monster
- Forum Commoner
- Posts: 73
- Joined: Tue Oct 11, 2005 12:36 am
- Location: Philippines
- Contact:
Is there anything in particular you need answering?
That is quite a vague question... Some of the generics are:
- Set PHP to use cookies only for the session ID (i.e. so it doesn't use GET variables in the URI).
- Use databases to store session info. Not a 'must', but on shared hosting sometimes session data is stored in shared directories... It still doesn't generate a huge security risk, in fact it can be a negligible difference, but it decreases the availability of the data to others.
- Regenerate a session ID whenever the user logs in (i.e. if they log out, then re-enter their username/pass), giving them a fresh, new 'key', as it were, to the session data.
Anything else and you will have to be more specific about what you require.