I am really clueless on how to protect PHPSESSID. Does the value of session_id come from PHPSESSID? It would be disastrous if the session_id got compromised. Anyone have any ideas?
Here is the article from PHP manual that explains sessions security in PHP: link
Probably the most effective way to protect your sessions will be to enable SSL on your site and forcing storing of session id in cookies. Then cookies will be encrypted as they will be passed to your site and that should guarantee enough protection.
You can use HTTPS as RaYell said, but if you can't afford a certificate, there are some ways to secure a session even with HTTP:
Remember these advices will not prevent session hijacking. They will dramatically reduce the risks, but there will always be a risk, unless you use HTTPS.
the session_id is stored in a cookie on the users system. Not sure what you mean by protecting it.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.