
Christopher Kunz's Blog:
Strict session handling in PHP
November 22, 2005 @ 05:46:11

Christopher Kunz has this new post today on his blog with a look at "strict session handling in PHP".

PHP has a permissive session system. This has been decided way before I came into the PHP world (I guess in preparation of 4.0), and the reasons for this decision are kinda lost in transit. However, with a small patch by Hardened-PHP Project buddy Stefan Esser, this might now change.

A small patch against PHP's ext/session and ext/sqlite adds two new handler functions to validate and create session IDs, as well as the php.ini setting.

This setting would allow for enhanced session handling (removing the ability to spoof sessions via a SID) and would help with other problems (SQL injections, XSS attacks, etc.). You can check out more on the Hardened-PHP page...
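
As an added illustration (not code from the Hardened-PHP patch or from Christopher Kunz's post), the sketch below models what a "validate" and a "create" handler change about session start-up. Every function name, the ID format and the sample store are assumptions made for this example.

```php
<?php
// Added example: models permissive vs. strict session ID handling.
// Hypothetical names throughout; this is not the patch's API.

// Constructed sample store holding one ID that the server issued earlier.
$store = ['k3v9q0c1m2n4b5x6z7a8s9d0f1' => ['user' => 'alice']];

// "Create" handler: only the server mints IDs, from a CSPRNG.
function create_sid(): string
{
    return bin2hex(random_bytes(16));
}

// "Validate" handler: an ID counts only if it is well formed AND already
// present in the store, i.e. the server issued it at some point.
function validate_sid(array $store, string $sid): bool
{
    return preg_match('/\A[a-z0-9]{22,64}\z/', $sid) === 1
        && array_key_exists($sid, $store);
}

// Permissive start: whatever ID the client sends becomes the session ID.
function open_permissive(array &$store, ?string $clientSid): string
{
    $sid = ($clientSid !== null && $clientSid !== '') ? $clientSid : create_sid();
    $store[$sid] ??= [];
    return $sid;
}

// Strict start: an unknown or malformed ID is discarded and replaced.
function open_strict(array &$store, ?string $clientSid): string
{
    if ($clientSid !== null && validate_sid($store, $clientSid)) {
        return $clientSid;
    }
    $sid = create_sid();
    $store[$sid] = [];
    return $sid;
}

// Constructed input: an ID the server never issued, with characters that
// would be unsafe if echoed into HTML or concatenated into a query.
$unissued = "not-issued-by-server'\"<>";
$issued   = 'k3v9q0c1m2n4b5x6z7a8s9d0f1';

$p = $store;
$s = $store;
printf("permissive adopts unissued ID: %s\n", var_export(open_permissive($p, $unissued) === $unissued, true));
printf("strict adopts unissued ID:     %s\n", var_export(open_strict($s, $unissued) === $unissued, true));
printf("strict keeps issued ID:        %s\n", var_export(open_strict($s, $issued) === $issued, true));
```

Because the strict path only ever returns IDs that match the server's own format, a client-supplied value never reaches storage back ends or page output as a session ID.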


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework