jamkelvl
Posted July 7, 2010

Aside from regenerating session_id() all the time, would it be a good idea to scramble session_id() with something like sha1? I've heard if a malicious attacker gets a user's session_id() then they have the key to the 'vault' (database). In my case I've tried writing something where they'll need a little more than just the session_id(). The session_id() is constantly changing and there are a few more required 'keys' to exploiting this app. Any input is greatly appreciated, whether or not it is to do with sessions or just PHP security in general.
This topic is now archived and is closed to further replies.