Security is a very important issue for any web application. This is why I am pleased to introduce a security corner on my blog, where I will discuss different types of attacks. The things I discuss here will not be vague, general overviews; if you are looking for an introduction to security, something like the PHP manual will serve you better.

Hmm… session fixation, session hijacking. Sounds cool, huh? Well, we will get to those right away :p but before that I would like to say something about sessions.

What is a Session?
HTTP is known as a stateless protocol, which means that the web server does not know (or care) whether several requests come from the same user. In other words, HTTP remembers nothing once a request has been served. Sessions are used to create state between requests, even when they occur weeks apart.
Sessions are maintained by passing a unique session identifier between requests, typically in a cookie stored by the browser. The session ID can also be passed in forms and query arguments, although an ID in the URL leaks through Referer headers, browser history and server logs, which is why that mode is best left off. PHP handles sessions transparently through a combination of cookies and URL rewriting (the rewriting only happens when session.use_trans_sid is turned on in php.ini; it is off by default in PHP 5). It generates a unique session ID and uses it to look up a local data store on the server (by default a file in the system's temporary directory, in my case /tmp/) where the session data is saved at the end of every request.

Caution: session_start() must be called before any output is sent to the browser, because it sets the session cookie by sending a response header, and headers cannot be sent once the body has started (PHP warns "headers already sent" and the browser never receives the session ID). The only exception is output buffering (ob_start() or output_buffering in php.ini), which holds the body back until the headers have gone out.
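To make the mechanism above concrete, here is a small added example (my own code for this post, not taken from the PHP manual or any project) that shows the three pieces at work: the session ID travelling in a cookie, the server-side file it points to, and state surviving between requests. It also shows the header ordering from the caution: session_start() runs before the first echo. The ini settings are real PHP settings; session.cookie_samesite needs PHP 7.3 or later, and the `??` operator needs PHP 7. The file name session_demo.php and the port are my own choices.

```php
<?php
// session_demo.php - added example, not part of the original post.
// Run with the built-in server:  php -S 127.0.0.1:8080 session_demo.php
// then request it twice with a cookie jar and watch "visits" increase:
//   curl -c jar -b jar http://127.0.0.1:8080/
//   curl -c jar -b jar http://127.0.0.1:8080/

// 1. Configure the session cookie BEFORE starting the session. These are
//    standard php.ini directives set per request via ini_set().
ini_set('session.use_only_cookies', '1');  // never accept the ID from a URL or form field
ini_set('session.use_trans_sid', '0');     // no automatic ?PHPSESSID=... URL rewriting
ini_set('session.cookie_httponly', '1');   // JavaScript cannot read document.cookie for it
ini_set('session.cookie_samesite', 'Strict'); // PHP >= 7.3; not sent on cross-site requests

// In production this should be a hard '1'. It is relaxed here only so the
// plain-HTTP demo above still works (a Secure cookie is never sent over http://).
$https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
ini_set('session.cookie_secure', $https ? '1' : '0');

// 2. session_start() reads the PHPSESSID cookie if present, otherwise creates a
//    new ID, and queues a Set-Cookie header. Nothing may have been echoed yet,
//    or the header (and therefore the ID) never reaches the browser.
session_start();

// 3. $_SESSION is the per-ID data store. PHP serialises it to the session file
//    when the script finishes, so the increment below is what the next request sees.
$_SESSION['visits'] = ($_SESSION['visits'] ?? 0) + 1;

// The save path is empty when php.ini does not set session.save_path, in
// which case PHP falls back to the system temp directory (e.g. /tmp).
$savePath = session_save_path() !== '' ? session_save_path() : sys_get_temp_dir();

// 4. Only now is output allowed.
header('Content-Type: text/plain');
echo "session id   : " . session_id() . "\n";
echo "session file : " . rtrim($savePath, '/') . '/sess_' . session_id() . "\n";
echo "visits       : " . $_SESSION['visits'] . "\n";
```

The second curl call reuses the ID from the jar, so it prints the same session ID and visits : 2, while a request without the jar gets a fresh ID and starts again at 1. If you move the header() or echo lines above session_start(), PHP reports "headers already sent" and every request gets a new ID, which is exactly the failure the caution describes.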


