Chapter 12 Answers
Cookies should be transferred before a web page's HTML because they are sent as part of the headers.
To store a cookie on a web browser, use the set_cookie function.
To destroy a cookie, reissue it with set_cookie but set its expiration date to sometime in the past.
Using HTTP authentication, both the username and password are stored in $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'].
The md5 function is a powerful security measure because it is a one-way function that converts a string to a 32-character hexadecimal number that cannot be converted back, and is therefore almost uncrackable.
When a string is salted, extra characters (known only by the programmer) are added to it before md5 conversion. This makes it nearly impossible for a brute-force dictionary attack to succeed.
A PHP session is a group of variables unique to the current user.
To initiate a PHP session, use the session_start function.
Session hijacking is where a hacker somehow discovers an existing session ID and attempts to take it over.
Session fixation is the attempt to force your own session ID onto a server rather than letting it create its own.