AppSec Blog: Daily Archives: Jun 23, 2009

Session Attacks and PHP

This blog is of course inspired by Jason's ASP .Net blog. I figured as the PHP guy in the group, I may as well cover what he did for .Net from the PHP side. PHP's default session mechanism is rather simple and effective. The php.ini file configures how sessions work. Many of the parameters can … Continue reading Session Attacks and PHP