堆栈内存溢出
  简体   繁体   English

将会话cookie重命名为其他内容,而不是PHPSESSID

[英]Rename session cookie to something else, than PHPSESSID

 原文  2012-12-07 16:20:33       php/ html5boilerplate

问题描述

I am reading through the suggested php.ini changes from https://github.com/h5bp/html5-boilerplate/blob/master/.htaccess 我正在阅读https://github.com/h5bp/html5-boilerplate/blob/master/.htaccess中建议的php.ini更改

One of the suggestions is: 其中一个建议是: 

# Rename session cookie to something else, than PHPSESSID
php_value session.name sid

I am interested to know how this could effect my current websites and how this would improve security? 我有兴趣知道这会如何影响我当前的网站以及这将如何提高安全性?

2 个解决方案

解决方案1
 8 已采纳  2012-12-07 17:10:13

By changing the name, the only security improvement you will have is that you will no longer expose that you are using PHP via the cookie name. 通过更改名称,您将获得的唯一安全性改进是您将不再通过cookie名称公开您使用PHP。

If you change this value, the only side effect on your website is that all the currently logged-in users will became logged-out. 如果更改此值,则对您网站的唯一副作用是所有当前登录的用户都将被注销。

Plus, you can use a fun name, like we_are_hiring_ninjas ! 另外,你可以使用一个有趣的名字,比如we_are_hiring_ninjas

解决方案2
 2  2012-12-07 16:22:32

The name of the session cookie can be changed from the php.ini file and also from the host definition on Apache config. 可以从php.ini文件以及Apache config上的主机定义更改会话cookie的名称。

Take a look there. 看看那里。

All the best. 祝一切顺利。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 $ _SESSION ['session_id']总是等于$ _COOKIE ['PHPSESSID']吗? - Is $_SESSION['session_id'] always equal to $_COOKIE['PHPSESSID']? 通过从cookie读取的PHPSESSID分配和读取用户的会话 - Assign and read session of user by PHPSESSID read from cookie $ _SESSION已创建,但$ _SERVER ['HTTP_COOKIE']中没有PHPSESSID - $_SESSION created but theres no PHPSESSID in $_SERVER['HTTP_COOKIE'] PHPSESSID Cookie 自动创建,无需调用 session_start() - PHPSESSID Cookie automatically created without calling session_start() 传递PHPSESSID会话cookie时,Guzzle挂起Apache - Guzzle hangs Apache when passing PHPSESSID session cookie PHP session_id()在每个请求上刷新,$ _COOKIE ['PHPSESSID']为空 - PHP session_id() refresh on every request, $_COOKIE['PHPSESSID'] empty PHP SESSION仅通过HTTPS起作用+ PHPSESSID cookie不发送 - PHP SESSION works only over HTTPS + PHPSESSID cookie is not sent 重定向时 PHP 在 PHPSESSID cookie 中丢失会话 ID - PHP losing Session ID in PHPSESSID cookie when redirects phpsessid - 是否值得将会话名称更改为哈希值和访问者特定值 - phpsessid - Is it worth changing the session name to something hashed and visitor specific 如何重命名PHPSESSID? - How to rename PHPSESSID?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM