CHAPTER 7

Preventing Session Hijacking

In Chapter 6, we complete our discussion of keeping your PHP scripts secure; here we discuss the final threat to the safety of your users' data: session hijacking.

The concept of persistent sessions was originally developed by Netscape in 1994 as part of an effort to make Internet connections more secure. That effort culminated in the creation of the Secure Sockets Layer (SSL) protocol, which we will discuss at length in Chapter 16. However, in this chapter our interest is not (as it is there) in the security aspects of SSL but rather in the concept of persistent sessions, how they are potentially vulnerable ...

Get Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition now with the O’Reilly learning platform.
