Random Post: Century for phpResource
RSS .92| RSS 2.0| ATOM 0.3
  • Home
  • About Me
  • My Publications
  • My Work Domain
  • phpResource Feeds
    •  

    Regenerate Session ID

    Session ID hijacking can be a problem with PHP Websites. The PHP session tracking component uses a unique ID for each user’s session, but if this ID is known to another user, that person can hijack the user’s session and see information that should be confidential. Session ID hijacking cannot completely be prevented; you should know the risks so you can mitigate them.

    A user who creates a new session by logging in should be assigned a fresh session ID using the session_regenerate_id() function. A hijacking user will try to set his session ID prior to login; this can be prevented if you regenerate the ID at login.

    ** Source : sitepoint.com

    [Rupom]

    This entry was posted on Tuesday, May 16th, 2006 at 6:05 pm and is filed under Sharing Experiences, phpResource. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    One Response to “Regenerate Session ID”

    1. NA Says:
      July 7th, 2007 at 1:27 pm

      Nice idea. It ll be helpful. Thanks.

    Leave a Reply

    You must be logged in to post a comment.