Secure Development for Mobile Apps
calling set_session_handler() with a reference to itself, $this. It also sets
the 'true' parameter so that the write() function is registered to be called with
register_shutdown_function().
The important file techniques used in this class are:
• Using a dedicated application session directory
• Correct setup of mcrypt()
• Testing session ID for valid characters
• Base64 encoding for file storage
• Opening files with the c+ directive
• Locking files with the LOCK_EX directive
• Rewinding files—files are overwritten and not appended
• Unlinking expired session files
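
The write and garbage-collection paths from the list above, as an added sketch that is not the book's class. The directory constant, the function names and the ID length range are assumptions, and the mcrypt() encryption step is left out, so the payload here is only Base64-encoded.

```php
<?php
// Added illustration, not the book's code. All names below are hypothetical.
const SESSION_DIR = '/var/lib/myapp/sessions'; // assumed dedicated directory, mode 0700

function sessionPath(string $id): string
{
    // Allow-list the ID before it reaches a path: rejects "../", "/" and NUL bytes.
    // The length range is an assumption; match it to the app's session ID settings.
    if (!preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $id)) {
        throw new InvalidArgumentException('invalid session id');
    }
    return SESSION_DIR . '/sess_' . $id;
}

function writeSession(string $id, string $data): bool
{
    // 'c+' creates the file if missing but does not truncate it on open,
    // so nothing is destroyed before the lock is held.
    $fh = fopen(sessionPath($id), 'c+');
    if ($fh === false) {
        return false;
    }
    try {
        if (!flock($fh, LOCK_EX)) {           // exclusive lock: one writer at a time
            return false;
        }
        $payload = base64_encode($data);      // binary-safe storage (ciphertext in the real class)
        // Overwrite rather than append: rewind, drop the old bytes, write the new ones.
        $ok = rewind($fh)
            && ftruncate($fh, 0)
            && fwrite($fh, $payload) === strlen($payload)
            && fflush($fh);
        flock($fh, LOCK_UN);
        return $ok;
    } finally {
        fclose($fh);                          // always release the handle
    }
}

function gcSessions(int $maxLifetime): int
{
    $removed = 0;
    foreach (glob(SESSION_DIR . '/sess_*') ?: [] as $file) {
        // Unlink files whose last write is older than the allowed lifetime.
        if (is_file($file) && filemtime($file) + $maxLifetime < time() && unlink($file)) {
            $removed++;
        }
    }
    return $removed;
}
```

Truncating only after LOCK_EX is acquired is the reason for c+ over w+: a w+ open would empty the file before the lock is held, so a concurrent reader could see an empty session.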
The class also uses the following member variables to hold the new, private path, and
the secret key, which should both be long and comprised of upper and lower ...