stackoom
  简体   繁体   中英

Rename session cookie to something else, than PHPSESSID

 原文  2012-12-07 16:20:33       php/ html5boilerplate

Question

I am reading through the suggested php.ini changes from https://github.com/h5bp/html5-boilerplate/blob/master/.htaccess

One of the suggestions is: 

# Rename session cookie to something else, than PHPSESSID
php_value session.name sid

I am interested to know how this could effect my current websites and how this would improve security?

2 answers

solution1
 8 ACCPTED  2012-12-07 17:10:13

By changing the name, the only security improvement you will have is that you will no longer expose that you are using PHP via the cookie name.

If you change this value, the only side effect on your website is that all the currently logged-in users will became logged-out.

Plus, you can use a fun name, like we_are_hiring_ninjas !

solution2
 2  2012-12-07 16:22:32

The name of the session cookie can be changed from the php.ini file and also from the host definition on Apache config.

Take a look there.

All the best.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Is $_SESSION['session_id'] always equal to $_COOKIE['PHPSESSID']? Assign and read session of user by PHPSESSID read from cookie $_SESSION created but theres no PHPSESSID in $_SERVER['HTTP_COOKIE'] PHPSESSID Cookie automatically created without calling session_start() Guzzle hangs Apache when passing PHPSESSID session cookie PHP session_id() refresh on every request, $_COOKIE['PHPSESSID'] empty PHP SESSION works only over HTTPS + PHPSESSID cookie is not sent PHP losing Session ID in PHPSESSID cookie when redirects phpsessid - Is it worth changing the session name to something hashed and visitor specific How to rename PHPSESSID?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM