DevShed has a new book excerpt from a good standby security resource from O'Reilly - Chris Shiflett's "Essential PHP Security". This time, they focus on the chapter talking about sessions and cookie security.
This chapter discusses sessions and the inherent risks associated with stateful web applications. You will first learn the fundamentals of state, cookies, and sessions; then I will discuss several concerns - cookie theft, exposed session data, session fixation, and session hijacking-along with practices that you can employ to help prevent them.
The chapter talks about how the statelessness of HTTP causes problems, how cookies can be stolen because of it and what kinds of things you can do to keep you and your users safe (like session fixation).