Session security

Post by ximian » Sun Nov 29, 2009 2:54 am

Hi all.

On most web applications, session validation is (and should always be) checked against some properties like client_ip, client_useragent and idletimeout.

What do you think about adding these check properties to DooSession? This way, developers do not need to worry about session hijacking.

Btw, an encryption option (and the corresponding encryption key option in DooSession) to encrypt all data could be an excellent add-on too.

best regards
Francisco A
ximian
 
Posts: 143
Joined: Wed Nov 25, 2009 1:51 am
Location: Portugal
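
The checks proposed in the post above (client IP, user agent, idle timeout), as an added example that is not part of the thread and is not DooSession or DooAuth code. It uses plain PHP functions over a session array; the function names, the key names `_ip`, `_ua`, `_last` and the 900-second timeout are assumptions made for illustration.

```php
<?php
// Added example, not DooPHP code. Key names and the 900 s default are assumed.

function session_fingerprint_bind(array &$sess, string $ip, string $ua, int $now): void
{
    $sess['_ip']   = $ip;
    $sess['_ua']   = hash('sha256', $ua);   // store a digest, not the raw header
    $sess['_last'] = $now;
}

function session_fingerprint_check(array &$sess, string $ip, string $ua, int $now,
                                   int $idleTimeout = 900, bool $checkIp = true): string
{
    if (!isset($sess['_ip'], $sess['_ua'], $sess['_last'])) {
        return 'unbound';                   // session was never bound at login
    }
    if ($now - $sess['_last'] > $idleTimeout) {
        return 'idle_timeout';
    }
    // User-Agent is client-supplied: a mismatch is a strong signal,
    // a match is only a weak one.
    if (!hash_equals($sess['_ua'], hash('sha256', $ua))) {
        return 'useragent_mismatch';
    }
    // Client IPs change legitimately (mobile networks, proxies),
    // so the IP check can be switched off.
    if ($checkIp && !hash_equals($sess['_ip'], $ip)) {
        return 'ip_mismatch';
    }
    $sess['_last'] = $now;                  // sliding idle window
    return 'ok';
}

// Constructed sample requests against one session bound at t = 1000.
$sess = [];
session_fingerprint_bind($sess, '192.0.2.10', 'Mozilla/5.0 (constructed UA)', 1000);
$requests = [
    ['192.0.2.10',  'Mozilla/5.0 (constructed UA)', 1300],  // same client
    ['192.0.2.10',  'curl/8.0 (constructed UA)',    1400],  // different user agent
    ['203.0.113.7', 'Mozilla/5.0 (constructed UA)', 1500],  // different IP
    ['192.0.2.10',  'Mozilla/5.0 (constructed UA)', 2300],  // long gap since last accepted request
];
foreach ($requests as [$ip, $ua, $now]) {
    echo $now, ' ', session_fingerprint_check($sess, $ip, $ua, $now), PHP_EOL;
}
```

In an application the inputs would come from `$_SERVER['REMOTE_ADDR']`, `$_SERVER['HTTP_USER_AGENT']` and `time()`, and any result other than `ok` would lead the caller to destroy the session and require a fresh login.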

Re: Session security

Post by leng » Sun Nov 29, 2009 1:06 pm

It isn't necessary if you are talking about the use of sessions. If you meant sessions for authentication stuff, yeah, it's very important. This is actually handled in DooAuth if you're using this class as part of your authentication solution.
Just Doo IT!
leng
 
Posts: 1482
Joined: Thu Jul 16, 2009 11:33 pm

