Posts marked with “session id”
PHP Sessions in Depth
Sessions in PHP are often taken for granted. A session is a magic array which persists across page loads and holds user-specific data. It’s a fantastic and integral part of most web applications. But when misused, sessions can cause substantial security holes, performance and scalability problems, and data corruption. A deep understanding of sessions is vital to production web development in PHP.
Possible vulnerabilities found in PHP session IDs
A new advisory warns that a lack of entropy is making session hijacking easier, but only under certain circumstances. Core developer Ilia Alshanetsky gives us the straight dope.