Simon Holywell has a new post talking about cookie security in PHP, focusing on some of the PHP configuration settings that can help.

The security of session handling in PHP can easily be enhanced through the use of a few configuration settings and the addition of an SSL certificate. Whilst this topic has been covered numerous times before it still bears mentioning with a large number of PHP sites and servers having not implemented these features.

He talks about the httponly flag when setting the cookie/in the configuration, the "use only cookies" for sessions and forcing them to be "secure only".

Brandon Savage has posted some ideas about making conferences better and how they can appeal to a wider (and maybe more inexperienced) level of developer.

I love PHP conferences. I attended a lot of PHP conferences when I was a brand new developer. Zendcon, OSCON, php[tek], Wordcamp Baltimore, DC PHP and others were my stomping grounds. I learned a lot, and the conferences I attended were on the whole useful, beneficial and wonderful experiences. But I also felt challenged by the fact that conferences don't offer much for bringing up new developers with concrete information and training. This isn't necessarily the fault of conferences: it's impossible to truly impart a useful skill into a developer with only a 45 minute talk.

He includes four ideas in the post and talks some about the role of training at the events:

• Are conferences even the right place for training?
• Creating Different Tracks of Different Lengths
• Including Hands-On Training During Tutorial Days
• Offer Learning-Focused Hackathons

He also notes that some of it is up to the developers to find a good fit for what they need and the skills they're looking to learn. There's other options out there besides just the usual conferences, too and, as Brandon states, "investing in your career is the most valuable thing you can do for yourself."

Jacob Mather has written up a (somewhat lengthy) post about things for developers to consider when wanting to improve at their jobs.

At Symfony Live San Francisco 2012, I gave a little talk. No, really. A little talk. Seven minutes. I'm not even sure I used all of it. That's not a lot of time, but I think I managed to at least provoke some thinking. At least I hope I did. Hmm. How do you act like you care about your work, as a developer?

He has the post broken up into several different categories including being involved in the community, continuing your education constantly, working with automation to make your day-to-day easier and what your real job is (hint, it has more to do with problems and less with code). He also includes a section with suggestions about dealing with coworkers of all different types - everything from management to designers.

On the Symfony blog there's a new post from Bernhard Schussek about some of the changes that have happened in the Forms component of the Symfony 2 framework (in version 2.1).

Those of you who already upgraded to Symfony 2.1 Beta probably noticed that the new version comes with many backwards compatibility breaks in the Form component. Many of you probably ask yourselves: Why? The simple answer is that the Form component is one of the most complex components in Symfony at all.

They list out some of the improvements (plus code showing then at work) for changes like:

• No more bindRequest()
• Custom field constraints
• Error mapping fu
• Collection improvements

In this quick post to her blog, Lorna Mitchell shares an interesting bit of benchmarking she did between PHP versions 5.3 and 5.4, finding 5.4 twice as fast as it's previous version sibling.

So recently I was working on some benchmarks for different versions of PHP, because I heard that PHP 5.4 is "faster" and since I'm a data geek I want to know how much faster! Now, PHP 5.4 is, in general, faster than PHP 5.3 but not twice as fast* unless you pick a use case which has been particularly optimised. My first attempt at benchmarking the two versions produced this. This was a surprise to me; was PHP 5.4 really so much faster??

Her benchmark was a pretty simple one - looping and creating a new object, evaluating the timing of how long it took to execute. A commentor also points to some more official benchmarks that were done and posted to the php.internals mailing list.

On the Touchdown Consulting Services blog, there's a new update posted about Phing, the popular PHP-based build tool and some recent advancements the project has made.

Roughly a month ago I posted the first in, what should become, a series of development updates concerning Phing. This second blog post details the most important updates during the past four weeks as Phing is moving steadily towards another release (2.4.10 is due out next week).

Updates mentioned in this post are:

• User Guide starts move to DocBook format
• Liquibase docs
• PhpDocumentor
• PHP 5.4 compatibility
• PHAR package
• Various (bug)fixes, the 2.4.10 release (listed)

Check out the full post for more details on each of these topics.

In the first two posts of his "features new to PHP 5.4" series Slawek Lukasiewicz has posted about two things that weren't mentioned very often in most of the 5.4 hit lists - improvements to the JSON extension and the header_register_callback method.

About the JSON extension improvements:

By default, when we pass object to json_encode function, it will return JSON representation of object public properties. [...] PHP 5.4 introduces JsonSerializable interface with JsonSerialize abstract method. After implementing this method we can independently set values used in JSON representation.

Related to the header_register_callback addition

After looking at new functions introduced in PHP 5.4 we can found one called header_register_callback. Using it, we can register callback which will be called before sending output.

The stable version of PHP 5.4 has officially been released, so get out there and grab it and start using these new features now!

In this new post to his blog Nikita Popov looks at an update that might have gotten lost in the shuffle of new features coming in PHP 5.4 - some updates to htmlspecialchars.

One set of changes that I think is particularly important was largely overlooked: For PHP 5.4 cataphract (Artefacto on StackOverflow) heroically rewrote large parts of htmlspecialchars thus fixing various quirks and adding some really nice new features. Here a quick summary of the most important changes: UTF-8 as the default charset, improved error handling (ENT_SUBSTITUTE) and Doctype handling (ENT_HTML401,...).

He goes into each of these three main features in a bit more detail, providing code to illustrate the improved error handling and the new flags for Doctype handling (covering HTML 4.01, HTML 5, XML 1 and XHTML).

On the KingFoo blog today there's an excellent look at everything new coming up in PHP 5.4, the next version of PHP set to be released in early February.

PHP 5.4 will be stable soon. In this post I'll try to give you an overview and examples of the new PHP 5.4 features. If you want to try out PHP 5.4 (which is currently in RC3), it has to be installed first. I suggest that you try this out on a virtual machine so you don't break your current PHP version.

Improvements on the list include:

• Improved Session Extension
• Built-in webserver
• Traits
• Array dereferencing
• Method calls through arrays
• Binary notation for integers
• Instantiate a class without running constructor
• Improved JSON extension
• Improved CURL extension

And this is just a start - they detail each of the improvements and provide code where needed to illustrate the update. They also link over to the PHP.net manual (or PHP bug tracker) for more information on the new feature/change.

In a new post to his blog Brian Swan explains why the latest versions of PHP (the 5.3.x series) are faster now on Windows than some previous versions have been. (Hint: updated technology can work wonders sometimes)

[Rasmus Lerdorf recently said at a Seattle meetup] "If you aren't running PHP 5.3 on Windows, you're lucky…because you have a 40% performance boost coming." He clarified this by saying that, with some help from Microsoft, improvements were made in PHP 5.3 that led to a 40% performance improvement of PHP on Windows. Because he didn't go into the details of why this performance boost was realized, I got questions in email the next day asking about why.

The information in a borrowed slide (from a presentation by Pierre Joye) shows what the differences between the versions are - things like the use of a more modern compiler (VC9 vs VC6), calls to the Win32 API directly and better library management.