Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Oscar Merida's Blog:
Avoiding frustration with PHP Sessions
Mar 30, 2007 @ 16:28:00

On his blog, Oscar Merida has a quick new post those just starting out with sessions should take a look at. He gives four quick tips of things to watch out for that can help your development process go smoother.

PHP's support for sessions make adding "state" to your web application super easy. Bus because the illusion of state is maintained by storing a Session ID via a user's cookies, you might find yourself losing potentially productive hours chasing down bizarre client side bugs or opening up a potential security hole. Here are 4 tips to help you avoid wasting your time and securing your site.

Items on the list are:

  • Don't use underscores in host names
  • Commit your sessions before redirects
  • Prevent session fixation (great security tip!)
  • Don't expose session_id's
Check out the comments - there's some good recommendations in there as well.

tagged: frustration session avoid recommend underscore fixation expose frustration session avoid recommend underscore fixation expose

Link:

Oscar Merida's Blog:
Avoiding frustration with PHP Sessions
Mar 30, 2007 @ 16:28:00

On his blog, Oscar Merida has a quick new post those just starting out with sessions should take a look at. He gives four quick tips of things to watch out for that can help your development process go smoother.

PHP's support for sessions make adding "state" to your web application super easy. Bus because the illusion of state is maintained by storing a Session ID via a user's cookies, you might find yourself losing potentially productive hours chasing down bizarre client side bugs or opening up a potential security hole. Here are 4 tips to help you avoid wasting your time and securing your site.

Items on the list are:

  • Don't use underscores in host names
  • Commit your sessions before redirects
  • Prevent session fixation (great security tip!)
  • Don't expose session_id's
Check out the comments - there's some good recommendations in there as well.

tagged: frustration session avoid recommend underscore fixation expose frustration session avoid recommend underscore fixation expose

Link:


Trending Topics: