PHPBuilder.com:
Validating PHP User Sessions
April 07, 2008 @ 11:12:33

On PHPBuilder.com, there's a new tutorial about validating user sessions: ensuring that the data in your users' sessions is valid and isn't an attack trying to sneak in.

In a nutshell, sessions are the way that we "maintain state" from one page to the next, that is, how we identify specific users across multiple page requests. The ability to track users as they go from one page to the next using sessions allows us a number of options, such as tracking where they are going (web statistics) or to verify credentials for a specific section of the site.

First, there's a mini-intro to sessions for those unsure of their use. It's followed by a look at some session vulnerabilities that could be introduced by malicious users looking to break things on your site (including HTML/JavaScript injection, as their example shows).

They recommend a three-step plan to get started with validating your users' sessions: make it easy for users to log out when they want to, use unique aspects of the remote machine to define the session, and validate all user input, especially anything that will be put into a session variable.
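
The three steps above, shown in PHP as an added example; this is not code from the PHPBuilder tutorial. The function names, the fingerprint recipe (user agent plus IP address) and the display-name rule are assumptions, and plain arrays stand in for `$_SESSION` and `$_SERVER` so the script runs from the command line.

```php
<?php
declare(strict_types=1);

// Step 2: tie the session to properties of the remote machine.
// Caveat: REMOTE_ADDR can change mid-session behind proxies or on mobile networks.
function client_fingerprint(array $server): string
{
    return hash('sha256', ($server['HTTP_USER_AGENT'] ?? '') . '|' . ($server['REMOTE_ADDR'] ?? ''));
}

// Step 3: allow-list input before it is stored in a session variable,
// so markup or script can never reach pages that echo the value later.
function clean_display_name(string $raw): ?string
{
    return preg_match('/\A[A-Za-z0-9 _.-]{1,32}\z/', $raw) === 1 ? $raw : null;
}

function login(array &$session, array $server, string $displayName): bool
{
    $name = clean_display_name($displayName);
    if ($name === null) {
        return false; // rejected input never enters the session
    }
    // In a live request, call session_regenerate_id(true) here as well.
    $session = ['name' => $name, 'fp' => client_fingerprint($server)];
    return true;
}

function session_is_valid(array $session, array $server): bool
{
    $fp = $session['fp'] ?? null;
    return is_string($fp) && hash_equals($fp, client_fingerprint($server));
}

// Step 1: logout wipes all server-side state; a live request would also call session_destroy().
function logout(array &$session): void
{
    $session = [];
}

// Constructed sample requests (documentation-range IP addresses).
$owner = ['HTTP_USER_AGENT' => 'ExampleBrowser/1.0', 'REMOTE_ADDR' => '192.0.2.10'];
$other = ['HTTP_USER_AGENT' => 'OtherClient/2.0', 'REMOTE_ADDR' => '198.51.100.7'];
$session = [];
var_dump(login($session, $owner, '<b>bob</b>'));   // markup is refused
var_dump(login($session, $owner, 'alice'));        // plain name is accepted
var_dump(session_is_valid($session, $owner));      // same machine
var_dump(session_is_valid($session, $other));      // session ID replayed from elsewhere
logout($session);
var_dump(session_is_valid($session, $owner));      // after logout
```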

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework