LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page How important is it to use a token for sessions? And lets say specifically with php.
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-22-2009, 10:12 PM   #1
abefroman
Senior Member
 
Registered: Feb 2004
Location: lost+found
Distribution: CentOS
Posts: 1,430

Rep: Reputation: 55
How important is it to use a token for sessions? And lets say specifically with php.

How important is it to use a token for sessions?

It looks like php automatically creates a token for the session in the form of a cookie:
PHPSESSID

Is that typically sufficient for maintaining session security?

Or should I hardcode a token generator into my php script as well?

TIA
 
Old 11-23-2009, 01:17 AM   #2
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 653Reputation: 653Reputation: 653Reputation: 653Reputation: 653Reputation: 653
OWASP are pretty much the definitive source for web app security questions -
http://www.owasp.org/index.php/Session_Management

cheers
 
Old 11-23-2009, 09:38 PM   #3
abefroman
Senior Member
 
Registered: Feb 2004
Location: lost+found
Distribution: CentOS
Posts: 1,430

Original Poster
Rep: Reputation: 55
Quote:
Originally Posted by kbp View Post
OWASP are pretty much the definitive source for web app security questions -
http://www.owasp.org/index.php/Session_Management

cheers
Looks like for the most part, its saying the PHP sessions are fine. Except for the timeout value, which is doesn't specify what php uses by default or how to set/change it.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Ready-Made PHP program that lets me upload and access files on the web? apache2 Linux - Software 5 12-01-2008 10:48 PM
php sessions problems MaestroC SUSE / openSUSE 2 12-06-2005 08:06 AM
sessions in PHP zowey Programming 2 12-26-2004 06:35 PM
Problem with php sessions sashhoney Linux - Software 7 08-28-2003 07:30 AM
PHP Sessions RecoilUK Programming 1 04-21-2002 05:57 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:04 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration