Welcome Guest, Not a member yet? Register   Sign In
Native Sessions
#6

I'd write it myself, given that there's enough demand for it ...

But the technique that you've linked is exactly what I want to avoid. I've went great lengths in the other drivers trying not to do that (otherwise the 'files' driver would only be an ini_set('session.save_handler', 'files') call), because unless the check is at the storage level, it doesn't prevent an attacker from messing with your session - it prevents fixation, but still allows either destruction or extending its lifetime artificially.
Reply


Messages In This Thread
Native Sessions - by happyape - 02-07-2015, 12:59 PM
RE: Native Sessions - by janul - 02-13-2015, 03:51 AM
RE: Native Sessions - by lvrkln - 02-13-2015, 10:41 AM
RE: Native Sessions - by Narf - 02-13-2015, 12:56 PM
RE: Native Sessions - by lvrkln - 02-13-2015, 01:18 PM
RE: Native Sessions - by Narf - 02-13-2015, 01:37 PM
RE: Native Sessions - by spjonez - 02-15-2015, 06:39 AM
RE: Native Sessions - by lvrkln - 04-14-2015, 11:12 AM
RE: Native Sessions - by coredumpster - 04-30-2015, 08:18 AM
RE: Native Sessions - by blasto333 - 09-02-2015, 05:01 PM



Theme © iAndrew 2016 - Forum software by © MyBB