Notes on PHP Session Security
Harry Fuecks' notes on PHP session security:
"[...] things to watch out for when using sessions for your sites login system;
-
- Shared web servers
-
- XSS exploits
-
- Session IDs in URL
-
- Session Fixation
-
- Sniffing Packets
-
- Cookies are not for session data"