php ultranoob session question
Gregory Boyce
gboyce-qL0WqcyiFk9Wk0Htik3J/w at public.gmane.org
Mon Aug 31 11:02:20 EDT 2009
On Mon, 31 Aug 2009, Eric Chadbourne wrote:
>> Sounds like you just created your own new version of session handling
>> without the years of experience gone into the native implementation.
>>
>> Here's the OWASP top 10 list section on Authentication and Session
>> Management.
>>
>> http://www.owasp.org/index.php/Top_10_2007-A7
>>
>> First item on the list:
>>
>> # Only use the inbuilt session management mechanism. Do not write or
>> use
>> secondary session handlers under any circumstances.
>>
>> --
>> Greg
>
> Oh man I had never heard of OWASP. I'll spend some time digging around
> this site. Many thanks!
> - Eric C
Definitely a good read if you're planning on doing web development. Their
WebGoat tool is also very useful for seeing how easy it is to break web
applications.
--
Greg
More information about the Discuss
mailing list