Jump to content

Recommended Posts

Hi all ! 

 

I came across sec_session_start() function to start a secure session and I have used it. However I have come across so many comments on the usage of this function recently many of which suggest that this is quite useless, an overkill etc. etc. and that using Https is the best option and there too there are opinions that it has its own overheads and so on. 

 

So I would like to ask what purpose does this function serve? How good is it really? Should we use it or not?

 

The most controversial part of this function seems to be the session_regenarate_id() which seems to create unwanted logouts and lost sessions.

 

While this is apparently supposed to be used to prevent session hijacking or session fixation, I have again come across comments which say it is not advisable to use this function. Like it's of no use to deploy this function and should be avoided.

 

Here is the function as I use it.

 

function sec_session_start()

{

        $session_name = 'sec_session_id';

        $secure = false; // Set to true if using https.

        $httponly = true; 

        ini_set('session.use_only_cookies', 1); 

        $cookieParams = session_get_cookie_params(); 

        session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);  

        session_name($session_name); 

        session_start(); // Start the php session

        session_regenerate_id(); // regenerated the session

}

 

And I use it on all the pages at the very top. It seems to work fine. I would be very happy to know the truth about this function and its usage. 

 

Thanks loads. 

 

 

Link to comment
https://forums.phpfreaks.com/topic/292627-session-security/
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.