Cookies should be transferred before a web page’s HTML, because they are sent as part of the headers.
To store a cookie on a web browser, use the
To destroy a cookie, reissue it with set_cookie but set its expiration date in the past.
Using HTTP authentication, the username and password are
The md5 function is a powerful security measure, because it is a one-way function that converts a string to a 32-character hexadecimal number that cannot be converted back, and is therefore almost uncrackable.
When a string is salted, extra characters (known only by the programmer) are added to it before md5 conversion. This makes it nearly impossible for a brute force dictionary attack to succeed.
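An added PHP example, not part of the original text: it checks the salted md5 scheme described above against a precomputed lookup table, then shows PHP's built-in password_hash() and password_verify(), which go beyond what the text covers by generating a random salt for every password. The function salted_md5, the salt, the password and the word list are constructed for illustration.

```php
<?php
// Added illustration; every name and sample value here is constructed.

// The scheme from the text: extra characters are added before md5 conversion.
function salted_md5(string $password, string $salt): string
{
    return md5($salt . $password);
}

$password = 'correct horse';   // constructed sample password
$salt     = 'x9!Kd#';          // constructed salt, known only to the programmer

$unsalted = md5($password);
$salted   = salted_md5($password, $salt);

// A precomputed table of md5(word) => word, as a dictionary attack would use.
$wordList = ['letmein', 'correct horse', 'password1']; // constructed word list
$table = [];
foreach ($wordList as $word) {
    $table[md5($word)] = $word;
}

// Look up both digests: only a digest of the bare word can be in the table.
printf("unsalted digest in table: %s\n", isset($table[$unsalted]) ? 'yes' : 'no');
printf("salted digest in table:   %s\n", isset($table[$salted]) ? 'yes' : 'no');

// One fixed salt still gives identical digests for identical passwords.
printf("same password, same digest: %s\n",
    hash_equals($salted, salted_md5($password, $salt)) ? 'yes' : 'no');

// Built-in alternative: password_hash() picks a random salt per call and uses
// a deliberately slow algorithm; the salt is stored inside the hash string.
$storedA = password_hash($password, PASSWORD_DEFAULT);
$storedB = password_hash($password, PASSWORD_DEFAULT);

printf("two hashes of one password differ: %s\n", $storedA !== $storedB ? 'yes' : 'no');
printf("correct password verifies: %s\n",
    password_verify($password, $storedA) ? 'yes' : 'no');
printf("wrong password verifies:   %s\n",
    password_verify('letmein', $storedA) ? 'yes' : 'no');
```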
A PHP session is a group of variables unique to the current user.
To initiate a PHP session, use the
Session hijacking is where a hacker somehow discovers an existing session ID and attempts to take it over.
Session fixation is the attempt to force your own session ID onto a server rather than letting it create its own.