Session handling in PHP

Question

What is the best & most secure way you've handled sessions in a PHP application? I want to know the best, most robust and secure method there is. :)

Try this question http://stackoverflow.com/questions/328/php-session-security — Paul Dixon, Aug 28 '09 at 15:44
Ah, thanks Paul. That's a good thread. Someone can close this thread. I've got what I've wanted. — Indranil, Aug 28 '09 at 15:47

score 1 · Accepted Answer · answered Aug 28 '09 at 15:43

1

Your session data will be pretty safe. If you want to make it even safer, encrypt it. Beyond that, you'll have to be more explicit about what you desire.

answered Aug 28 '09 at 15:43

Sampson

265,109
74
539
565

score 1 · Answer 2 · answered Aug 28 '09 at 15:50

1

That would depend on your environment. If your using a shared host, it maybe possible for others customers hosted on the same box to access you session data. If that's the case, it might be safer to store it in a database. But every server is different. Can you elaborate on your setup, and what your trying to protect against?

answered Aug 28 '09 at 15:50

Nick

10,904
10
49
78

Basically, I'm going to develop a web application and want to know whether there are any recommended rules for handling sessions to make it robust and powerful. I believe the link Paul mentioned (look up) has the answers, though I haven't gone through all the answers. Thank you for your answer too. :) – Indranil Aug 28 '09 at 16:29

Session handling in PHP

2 Answers2