Edd Mann:
Securing Sessions in PHP
April 09, 2014 @ 12:14:23

In his most recent post, Edd Mann shows you how to secure your sessions in PHP applications via a custom SessionHandler class and a bit of encryption. For those interested in the full code right away, check out this gist over on GitHub.

Following on from my previous post on Self-signed SSL certificates, I would now like to address the second most common Web application vulnerability (Broken Authentication and Session Management). When delving into the subject I was unable to find a definitive resource for a PHP implementation. Due to this, I set out to combine all the best practice I could find into a single Session handler, to help protect against the common attack vectors. Since PHP 5.4, you are able to set the Session handler based on a class instance that extends the default 'SessionHandler' class.

He walks through the code, covering the functionality it offers: how it encrypts the session data and how it integrates expiration and validation (fingerprinting). There's also an interesting pair of methods (get and set) for accessing values in the current session. One thing to note: this example is only for PHP 5.4 and above, as it makes use of the newer SessionHandler interface.
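
A handler in the spirit of what the post describes, as an added example that is not Edd Mann's code or the linked gist. It assumes PHP 8 with the openssl extension and uses AES-256-GCM (a choice made here); the class name, the `_fp`/`_seen` session keys and the 30-minute lifetime are hypothetical.

```php
<?php
// Added example (not the post's code). Assumes PHP 8+ and ext-openssl.
final class EncryptedSessionHandler extends SessionHandler
{
    private const CIPHER = 'aes-256-gcm';

    public function __construct(private string $key, private int $ttl = 1800)
    {
        if (strlen($key) !== 32) {
            throw new InvalidArgumentException('key must be 32 raw bytes');
        }
    }

    public function read(string $id): string|false
    {
        // Stored layout: base64(iv[12] . tag[16] . ciphertext)
        $blob = base64_decode((string) parent::read($id), true);
        if ($blob === false || strlen($blob) < 28) {
            return '';                    // empty or malformed: start clean
        }
        $pt = openssl_decrypt(substr($blob, 28), self::CIPHER, $this->key,
            OPENSSL_RAW_DATA, substr($blob, 0, 12), substr($blob, 12, 16));
        return $pt === false ? '' : $pt;  // failed tag check: discard data
    }

    public function write(string $id, string $data): bool
    {
        $iv = random_bytes(12);           // fresh nonce for every write
        $ct = openssl_encrypt($data, self::CIPHER, $this->key,
            OPENSSL_RAW_DATA, $iv, $tag);
        return parent::write($id, base64_encode($iv . $tag . $ct));
    }

    // Expiration and fingerprint check; call right after session_start().
    public function validate(): bool
    {
        $fp = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
        $ok = !isset($_SESSION['_fp'], $_SESSION['_seen'])
            || (hash_equals($_SESSION['_fp'], $fp)
                && time() - $_SESSION['_seen'] <= $this->ttl);
        if (!$ok) {
            $_SESSION = [];               // drop stale or mismatched state
            session_regenerate_id(true);  // and issue a new session id
        }
        $_SESSION['_fp'] = $fp;
        $_SESSION['_seen'] = time();
        return $ok;
    }
}
```

Register it with `session_set_save_handler(new EncryptedSessionHandler($key), true)` before `session_start()`, where `$key` is 32 random bytes loaded from configuration. The User-Agent fingerprint is only a heuristic signal, not an authentication factor.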


Link: http://eddmann.com/posts/securing-sessions-in-php


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework