Chapter 13 Answers

Question 13-1

Cookies should be transferred before a web page’s HTML, because they are sent as part of the headers.

Question 13-2

To store a cookie on a web browser, use the setcookie function.

Question 13-3

To destroy a cookie, reissue it with setcookie but set its expiration date in the past.

Question 13-4

Using HTTP authentication, the username and password are stored in $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'].

Question 13-5

The md5 function is a powerful security measure, because it is a one-way function that converts a string to a 32-character hexadecimal number that cannot be converted back, and is therefore almost uncrackable.

Question 13-6

When a string is salted, extra characters (known only by the programmer) are added to it before md5 conversion. This makes it nearly impossible for a brute force dictionary attack to succeed.

Question 13-7

A PHP session is a group of variables unique to the current user.

Question 13-8

To initiate a PHP session, use the session_start function.

Question 13-9

Session hijacking is where a hacker somehow discovers an existing session ID and attempts to take it over.

Question 13-10

Session fixation is the attempt to force your own session ID onto a server rather than letting it create its own.
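As an added example that is not part of the book's answer key, here is what the cookie removal from 13-3 and a server-side defence against the session fixation and hijacking described in 13-9 and 13-10 look like in PHP (the array form of setcookie and session_set_cookie_params needs PHP 7.3 or later); the cookie name `remember_me` and the user ID are constructed sample values.

```php
<?php
// Added example (not from the book): the cookie and session handling the
// answers above describe, written the way a defender would deploy it.

// Question 13-3: a cookie is removed by reissuing it with an expiry in the past.
// Name, path and domain must match the original cookie or the browser keeps
// the old one. 'remember_me' is an assumed cookie name.
function forget_cookie(string $name, string $path = '/'): void
{
    setcookie($name, '', [
        'expires'  => time() - 3600,   // one hour in the past
        'path'     => $path,
        'secure'   => true,            // only ever sent over HTTPS
        'httponly' => true,            // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    unset($_COOKIE[$name]);            // keep this request's view consistent
}

// Questions 13-8 and 13-10: start the session so that a session ID the server
// never issued is rejected, which is what makes a fixated ID useless.
function start_hardened_session(): void
{
    ini_set('session.use_strict_mode', '1');   // reject unknown session IDs
    ini_set('session.use_only_cookies', '1');  // no session IDs in URLs
    session_set_cookie_params([
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Question 13-9: rotate the ID at login and discard the old session data, so
// an ID the client arrived with or one that leaked earlier no longer refers
// to the authenticated session.
function login_user(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

start_hardened_session();
forget_cookie('remember_me');
login_user(42);   // 42 is a constructed sample user ID
```

All three calls must run before any output is sent, since both cookies and the session ID travel in the response headers (question 13-1).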
