PHP security + session_id()


jamkelvl

Aside from regenerating session_id() all the time, would it be a good idea to scramble session_id() with something like sha1?

I've heard that if a malicious attacker gets a user's session_id() then they have the key to the 'vault' (database). In my case I've tried writing something where they'll need a little more than just the session_id(). The session_id() is constantly changing and there are a few more required 'keys' to exploiting this app.

 

Any input is greatly appreciated, whether or not it is to do with sessions or just PHP security in general.

Archived

This topic is now archived and is closed to further replies.
