On his blog, Oscar Merida has a quick new post those just starting out with sessions should take a look at. He gives four quick tips of things to watch out for that can help your development process go smoother.
PHP's support for sessions make adding "state" to your web application super easy. Bus because the illusion of state is maintained by storing a Session ID via a user's cookies, you might find yourself losing potentially productive hours chasing down bizarre client side bugs or opening up a potential security hole. Here are 4 tips to help you avoid wasting your time and securing your site.
Items on the list are:
- Don't use underscores in host names
- Commit your sessions before redirects
- Prevent session fixation (great security tip!)
- Don't expose session_id's