简体繁体中英

Securing PHP Sessions

原文 2012-11-12 19:03:12 4 1 php/ session

I have been reading up on the best way to keep a user logged to my website, so that they don't need to login to perform every action or view every page.

I have realized Sessions are the way to go over Cookies as their data is stored on the server end not on the client end.

I had a plan where I was going assign the session to a single IP Address and user agent and authenticate it is the same IP and Useragent each time. However apparently that's not the way to go.

So really my question is what is the best way to make some truly bulletproof, secure sessions.

1 answers

You need to use a combo of both COOKIES and PHP sessions.

Use a cookie to store some form of the session id, and just load that session id when you see the cookie.

A PHP session is a browser cookie in and of itself, it just usually expires when the user closes their browser window.

Securing user sessions and data for web app using Php and Mysql

Securing Cookies and Sessions

Securing PHP sessions via hash which incorporates user-agent no longer works for IE10

PHP: Sessions inside sessions?

Securing webservices of PHP

Securing controller PHP (MVC)

Securing files in PHP site

securing login php script

Securing PHP files

Securing php api

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Securing user sessions and data for web app using Php and Mysql Securing Cookies and Sessions Securing PHP sessions via hash which incorporates user-agent no longer works for IE10 PHP: Sessions inside sessions? Securing webservices of PHP Securing controller PHP (MVC) Securing files in PHP site securing login php script Securing PHP files Securing php api

Related Tags

Securing PHP Sessions

Question

1 answers

solution1 1 2012-11-12 19:04:38

solution1
1 2012-11-12 19:04:38