Prevent PHP sesison hijack, are these good ideas?
Posted
by matthew Rhodes
on Stack Overflow
See other posts from Stack Overflow
or by matthew Rhodes
Published on 2010-05-26T22:07:00Z
Indexed on
2010/05/26
22:11 UTC
Read the original article
Hit count: 248
I'm doing a simple shopping cart for a small site.
I plan to store cart items as well as logged in user_id in session variables.
to make things a little more secure, I thought I'd do this:
sha1() the user_id before storing it in the session.
Also sha1() and store the http_user_agent var with some salt, and check this along with the user_id.
I know there is more one can do, but I thought this at least helps quite a bit right? and is easy for me to implement.
© Stack Overflow or respective owner