Chapter 13 Answers
- Question 13-1
Cookies should be transferred before a web page’s HTML, because they are sent as part of the headers.
- Question 13-2
To store a cookie on a web browser, use the set_cookie function.
- Question 13-3
To destroy a cookie, reissue it with set_cookie but set its expiration date in the past.
- Question 13-4
Using HTTP authentication, the username and password are stored in $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'].
- Question 13-5
The md5 function is a powerful security measure, because it is a one-way function that converts a string to a 32-character hexadecimal number that cannot be converted back, and is therefore almost uncrackable.
- Question 13-6
When a string is salted, extra characters (known only by the programmer) are added to it before md5 conversion. This makes it nearly impossible for a brute force dictionary attack to succeed.
- Question 13-7
A PHP session is a group of variables unique to the current user.
- Question 13-8
To initiate a PHP session, use the session_start function.
- Question 13-9
Session hijacking is where a hacker somehow discovers an existing session ID and attempts to take it over.
- Question 13-10
Session fixation is the attempt to force your own session ID onto a server rather than letting it create its own.