Learning PHP, MySQL, JavaScript, and CSS, 2nd Edition by Robin Nixon

Chapter 12 Answers

  1. Cookies should be transferred before a web page’s HTML because they are sent as part of the headers.

  2. To store a cookie on a web browser, use the set_cookie function.

  3. To destroy a cookie, reissue it with set_cookie but set its expiration date to sometime in the past.

  4. Using HTTP authentication, both the username and password are stored in $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'].

  5. The md5 function is a powerful security measure because it is a one-way function that converts a string to a 32-character hexadecimal number that cannot be converted back, and is therefore almost uncrackable.

  6. When a string is salted, extra characters (known only by the programmer) are added to it before md5 conversion. This makes it nearly impossible for a brute-force dictionary attack to succeed.

  7. A PHP session is a group of variables unique to the current user.

  8. To initiate a PHP session, use the session_start function.

  9. Session hijacking is where a hacker somehow discovers an existing session ID and attempts to take it over.

  10. Session fixation is the attempt to force your own session ID onto a server rather than letting it create its own.
