Improving Session Security
Because important information is normally stored in a session (as opposed to a cookie), security becomes more of an issue. Remember that with sessions there are two considerations: the session ID, which is a reference point to the session data, and the session data itself, stored on the server. A malicious person is far more likely to hack into a session through the session ID than the data on the server, so I’ll focus on that side of things here.
Storing the session ID in a cookie is considered the more secure method of using sessions, as opposed to passing the session ID along in URLs or storing it in hidden form inputs. Those alternatives are less secure because the session could easily be hijacked by another user, ...
Get PHP and MySQL for Dynamic Web Sites: Visual Quickpro Guide, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.