How important is it to use a token for sessions? And lets say specifically with php.
How important is it to use a token for sessions?
It looks like php automatically creates a token for the session in the form of a cookie:
PHPSESSID
Is that typically sufficient for maintaining session security?
Or should I hardcode a token generator into my php script as well?
TIA
|