
Joseph Crawford's Blog:
Going deep inside PHP sessions
February 23, 2007 @ 11:44:00

Security is becoming a more and more popular topic among PHP developers, and Joseph Crawford has followed the trend and written up his own look at the way PHP handles sessions and session information as it relates to the security of both the user and the server admin.

One aspect that I dislike about the internal PHP sessions is that they are stored in files on the hard disk (usually /tmp/) by default. This means anyone with access to the machine has access to read the session data. I prefer to store my session information in the database to add an extra layer of security.

He looks at the pitfalls of using this kind of setup (among them, multiple users being able to use one IP) and a simple method for creating a custom sessions handler to replace PHP's built-in one. His example works with a local database to handle saving and retrieving the session information. And, to make things unique, he generates a "fingerprint key" for each user's information to serve as a unique identifier rather than handling it on the connection.


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework