Posts marked with “session id”

PHP Sessions in Depth

by · January 19, 2018


Sessions in PHP are often taken for granted. A session is a magic array which persists across page loads and holds user-specific data. It’s a fantastic and integral part of most web applications. But when misused, sessions can cause substantial security holes, performance and scalability problems, and data corruption. A deep understanding of sessions is vital to production web development in PHP.


Possible vulnerabilities found in PHP session IDs

by · April 9, 2010


A new advisory warns that a lack of entropy is making session hijacking easier, but only under certain circumstances. Core developer Ilia Alshanetsky gives us the straight dope.