Programmer Question
I have searched the web for "how to secure a php session" and came across this PHP Session Security
The first answer is a very good one...
I, like many others, are searching for how to create a secure "Remember me" function.
Much like the linked questions' poster, I thought it would be good to gather all information about this in one place.
If you assume I know PHP averagely, then you are correct. But I don't know much about securing PHP sessions.
Offcourse, I know how to write an unsecure "Remember me" function, which checks a cookie value (which might be hashed) against a hashed database value. If they are the same, then the user is still logged in. Simple, but dangerous!
How should I secure this "remember me" feature?
Find the answer here
No comments:
Post a Comment