PHPDeveloper: PHP News, Views and Community

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Dave Marshall's Blog: Competition: PHP Job Hunters Handbook up for grabs

Job Posting: LIVESTRONG.com/Demand Media Inc. Seeks Senior PHP Software Developer (Santa Monica, CA)

Job Posting: Children's Hospital Boston Seeks Open Source Web Developer (Boston, MA)

Job Posting: eReleases Seeks Zend/PHP Developer (Baltimore, MD)

Job Posting: Chegg Seeks Senior PHP Developer (Santa Clara, CA)

Job Posting: TEKSystems (Recruiter) Seeks PHP Web Application Developers (Tampa, FL)

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

Job Posting: Project People Ltd (Recruiter) Seeks PHP Developer (Paris, France)

Job Posting: Snelling (Recruiter) Seeks Web Programmer (Boston, MA)

News Archive

Sameer Borate's Blog: Finding if an array is ordered

Etienne Kneuss' Blog: SplObjectStorage for a fast and secure object dictionary

Matthew Turland's Blog: php|tek 2009 Hackathon

Tobias Schlitt's Blog: Webdav authentication, authorization and locking

Evert Pot's Blog: Devshed article about SQL Injection

Site News: Blast from the Past - One Year Ago in PHP

Community News: phpGG Frontend Special

devReview.com: The Big List of PHP Frameworks

Kana Yeh's Blog: Review Ivo Jansch's Guide to Enterprise PHP development

Jani Hartikainen's Blog: Another idea for using models with forms

feed this:

Oscar Merida's Blog:
Avoiding frustration with PHP Sessions

by Chris Cornutt March 30, 2007 @ 11:28:00

On his blog, Oscar Merida has a quick new post those just starting out with sessions should take a look at. He gives four quick tips of things to watch out for that can help your development process go smoother.

PHP's support for sessions make adding "state" to your web application super easy. Bus because the illusion of state is maintained by storing a Session ID via a user's cookies, you might find yourself losing potentially productive hours chasing down bizarre client side bugs or opening up a potential security hole. Here are 4 tips to help you avoid wasting your time and securing your site.

Items on the list are:

Don't use underscores in host names
Commit your sessions before redirects
Prevent session fixation (great security tip!)
Don't expose session_id's

Check out the comments - there's some good recommendations in there as well.

0 comments voice your opinion now!
frustration session avoid recommend underscore fixation expose frustration session avoid recommend underscore fixation expose

Community Events

Don't see your event here?
Let us know!

All content copyright, 2009 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework