Tim’s Weblog
Tim Strehle’s links and thoughts on Web apps, managing software development and Digital Asset Management, since 2002.
2004-03-08

Notes on PHP Session Security

Harry Fuecks' notes on PHP session security:

"[...] things to watch out for when using sessions for your site's login system;

  1. Shared web servers
  2. XSS exploits
  3. Session IDs in URL
  4. Session Fixation
  5. Sniffing Packets
  6. Cookies are not for session data"
Mon, 08 Mar 2004 10:13:44 +0000