Regenerate Session ID

May 16, 2006 § 2 Comments

Session ID hijacking can be a problem with PHP websites. The PHP session tracking component uses a unique ID for each user’s session, but if another user learns this ID, that person can hijack the session and see information that should be confidential. Session ID hijacking cannot be completely prevented; you should know the risks so you can mitigate them.

A user who creates a new session by logging in should be assigned a fresh session ID using the session_regenerate_id() function. An attacker will try to set the session ID before login; regenerating the ID at login prevents this, because the ID set beforehand no longer identifies the logged-in session.
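A login handler that follows this advice, as an added example that is not from the original post or from sitepoint.com. The user store, function names and password are constructed for illustration, and the script runs from the PHP command line as well as behind a web server.

```php
<?php
declare(strict_types=1);

// Constructed sample credential store (hypothetical); query your real user table instead.
function find_password_hash(string $user): ?string
{
    static $users = null;
    $users ??= ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    return $users[$user] ?? null;
}

function login(string $user, string $password): bool
{
    $hash = find_password_hash($user);
    if ($hash === null || !password_verify($password, $hash)) {
        return false; // failed login: the anonymous session is left as it was
    }
    // Issue a fresh ID and delete the old session data (true), so an ID that
    // was set or observed before login no longer maps to any session.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    $_SESSION['logged_in_at'] = time();
    return true;
}

// Harden ID handling before the session starts.
ini_set('session.use_strict_mode', '1');  // refuse IDs the server did not issue
ini_set('session.use_only_cookies', '1'); // never take the ID from the URL
ini_set('session.cookie_httponly', '1');  // keep the cookie away from page scripts
ini_set('session.cookie_samesite', 'Lax');
// Also set session.cookie_secure to 1 when the site is served over HTTPS.

session_start();
$before = session_id();                   // ID that existed prior to login
$ok     = login('alice', 'correct horse');
$after  = session_id();                   // ID bound to the authenticated session

printf("login ok: %s\n", $ok ? 'yes' : 'no');
printf("ID changed at login: %s\n", $before !== $after ? 'yes' : 'no');
```

Regenerating the ID again on any later privilege change, and destroying the session at logout, follows the same pattern.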

** Source : sitepoint.com

[Rupom]


§ 2 Responses to Regenerate Session ID

  • cojusib2ojepi says:

    After reading the article, I just feel that I need more information on the topic. Can you share some more resources?

You are currently reading Regenerate Session ID at Rupom Here.
