About the Author

Chris Shiflett

Hi, I'm Chris, a web developer and a founding member of Analog. I live and work in Brooklyn, NY.

PHP Session Security

My talk for php|works, PHP Session Security, is now online.

As with most of my talks, the slides only provide a vague outline. I hope to offer a more useful resource for session security (similar to the PHP Security Workbook) sometime soon.

About This Post

PHP Session Security was posted on Fri, 24 Sep 2004 at 18:30:51 GMT.

2 Comments

1. Christopher Thompson's GravatarChristopher Thompson said:

Great information. Do you know of any libraries or classes that centralize session management and provide features like those you discussed in your talk?

If not what would such a thing look like?

Fri, 24 Sep 2004 at 23:47:44 GMT Link

2. Chris Shiflett's GravatarChris Shiflett said:

Felix Zaslavskiy sent me the following link:

http://www.zaslavskiy.net/extra/files/session.php

I haven't had a chance to review this implementation yet, but it looks like it might be the type of thing you're looking for.

If you do use it or review the implementation in any way, please let everyone know what you think.

Mon, 27 Sep 2004 at 04:53:03 GMT Link

Post A Comment

Personal Details and Comment

Style Guide

Line breaks are converted to paragraphs. Also use:

  • <a href="" title="">text</a>1
  • <em>text</em>
  • <blockquote><p>text</p></blockquote>
  • <code>2  <?php  if ($foo) {      $foo = TRUE;  }  ?></code>
  1. Note: <code> can be used inline (e.g. in paragraphs) or in a block as shown. Include whitespace and newlines in blocks.

Please enter Chris (my first name) below. This is a primitive spam prevention technique, and I apologize for the inconvenience.

Preview and Submit

Upcoming Talks

ConFoo

10 - 12 Mar 2010

At Hilton Montréal Bonaventure, Montréal, Canada.

South by Southwest

12 - 16 Mar 2010

At Austin Convention Center, Austin, Texas.

Dutch PHP Conference

10 - 12 Jun 2010

At TBD, Amsterdam, Netherlands.

O'Reilly Open Source Convention

19 - 23 Jul 2010

At Oregon Convention Center, Portland, Oregon.

New Comments

liukang wrote:

I have problem with this example. In my php.ini magic_quotes_gpc is off so i'm using only addsla...

Posted in addslashes() Versus mysql_real_escape_string()
RyanTheGreat wrote:

Well, I'm not Chris, but I will do my best to address the questions raised in the comments by Ian...

Posted in Security Corner: Cross-Site Request Forgeries
Chris Shiflett wrote:

Thanks for the kind words, Simon. I'm glad you liked the tutorial. In case it's helpful, here'...

Posted in Webstock
Chris Shiflett wrote:

Hi Robin, I plan to post something about it, but it's going to be hard to express everything i...

Posted in Webstock
Simon Mahony wrote:

Hi Chris, I really enjoyed your workshop on the Evolution of Security at Webstock. I think I g...

Posted in Webstock

Browse Comments

Work and Books

Analog Essential PHP Security HTTP Developer's Handbook