Prevent PHP session hijack, are these good ideas?

Posted by matthew Rhodes on Stack Overflow
Published on 2010-05-26T22:07:00Z Indexed on 2010/05/26 22:11 UTC

I'm doing a simple shopping cart for a small site.

I plan to store cart items as well as logged in user_id in session variables.

To make things a little more secure, I thought I'd do this:

  1. sha1() the user_id before storing it in the session.

  2. Also sha1() and store the http_user_agent var with some salt, and check this along with the user_id.

I know there is more one can do, but I thought this at least helps quite a bit, right? And it is easy for me to implement.

© Stack Overflow or respective owner
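
The check described in step 2 of the question, written out as an added example (it is not code from the original post). `SESSION_SALT`, `ua_fingerprint()`, `bind_session()` and `session_is_valid()` are hypothetical names, and the arrays at the bottom are constructed stand-ins for `$_SESSION` and `$_SERVER` so the script runs from the command line.

```php
<?php
// Added example: bind a session to the browser's User-Agent with a salted
// SHA-1 (step 2 of the question) and re-check the binding on every request.
// All names and sample values below are assumptions made for illustration.

const SESSION_SALT = 'replace-with-a-long-random-secret'; // constructed value

// Salted SHA-1 of the User-Agent header; a missing header hashes as ''.
function ua_fingerprint(array $server): string
{
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    return sha1(SESSION_SALT . $ua);
}

// Call once at login, e.g. bind_session($_SESSION, $_SERVER, $userId).
function bind_session(array &$session, array $server, int $userId): void
{
    $session['user_id'] = $userId;
    $session['ua_hash'] = ua_fingerprint($server);
}

// Call on every request before trusting $session['user_id'].
function session_is_valid(array $session, array $server): bool
{
    if (!isset($session['user_id'], $session['ua_hash'])) {
        return false; // not logged in, or session never bound
    }
    // hash_equals() compares in constant time.
    return hash_equals($session['ua_hash'], ua_fingerprint($server));
}

// Constructed demo: one session presented by two different clients.
$session = [];
$login   = ['HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0'];
$other   = ['HTTP_USER_AGENT' => 'ExampleClient/2.0'];

bind_session($session, $login, 42);

var_dump(session_is_valid($session, $login)); // same browser as at login
var_dump(session_is_valid($session, $other)); // session ID replayed elsewhere
var_dump(session_is_valid([], $login));       // no bound session at all
```

The User-Agent header is supplied by the client, so this check only rejects a session ID replayed from a browser that sends a different header. The salt and the stored hash live on the server and are never sent to the browser.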
