php ultranoob session question
Eric Chadbourne
EChadbourne-3av5VAs6qClGBRGhe+f61g at public.gmane.org
Mon Aug 31 10:06:50 EDT 2009
> Sounds like you just created your own new version of session handling
> without the years of experience gone into the native implementation.
>
> Here's the OWASP top 10 list section on Authentication and Session
> Management.
>
> http://www.owasp.org/index.php/Top_10_2007-A7
>
> First item on the list:
>
> # Only use the inbuilt session management mechanism. Do not write or
> use secondary session handlers under any circumstances.
>
> --
> Greg
Oh man, I had never heard of OWASP. I'll spend some time digging around
this site. Many thanks!
- Eric C