Tuesday, 01 January 2013

proper PHP session setup

    <?php
    /* In a nutshell, this is a quick way to ensure your sessions are difficult to attack. There may be
     * ways to improve this configuration but it's a good starting point, I feel.
     *
     * Code released in accordance with the ZAP > http://tlwsd.info/LICENSE.txt
     *
     * Requirements: HTTPS (get a free cert from StartSSL.com if you have no money :P)
     * A well-configured webserver (see: Calomel.org)
     * Access to server config is a bonus because you can just change php.ini and not have to make a bunch of runtime calls to ini_set() thus boosting performance
     */

    // Tell the user's browser not to expose the session cookie contents to JavaScript (HttpOnly flag)
    ini_set('session.cookie_httponly', true);
    // Tell the user's browser not to send the session cookie over unencrypted HTTP (Secure flag)
    ini_set('session.cookie_secure', true);

    // Use strong pseudorandom data in the session IDs so they cannot be guessed (prevents session fixation/prediction)
    ini_set('session.entropy_file', '/dev/urandom'); // On BSD systems, you may wish to use /dev/arandom
    ini_set('session.entropy_length', '32');
    ini_set('session.hash_function', 'sha256');
    ini_set('session.hash_bits_per_character', '6');

    // Never carry the session ID in URLs (it would leak through Referer headers, logs and bookmarks)
    ini_set('session.use_trans_sid', false);

    // All configuration must be set before session_start();
    session_start();
    ?>
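A runtime self-check to pair with the snippet above, added here as an example and not part of the original post: it reads back the effective ini values so you notice when a php.ini, .htaccess or FPM pool setting silently overrides the runtime ini_set() calls, and it flags the case where cookie_secure is on but the request is not HTTPS (the cookie would then never be sent back). The entropy and hash settings used in the post were removed in PHP 7.1, so on newer PHP the check looks at session.sid_bits_per_character instead; the function name and messages are my own, and $_SERVER is passed in so the check can be exercised offline.

```php
<?php
// Added example, not code from the original post. Run on an HTTPS page after
// the hardening ini_set() calls (or php.ini settings) have been applied.

function session_hardening_findings(array $server): array
{
    $findings = [];
    // ini_get() returns "1" for on and "" or "0" for off; normalise to bool.
    $bool = static function (string $key): bool {
        return filter_var(ini_get($key), FILTER_VALIDATE_BOOLEAN);
    };

    // Cookie flags from the post: HttpOnly and Secure must both be on.
    if (!$bool('session.cookie_httponly')) {
        $findings[] = 'session.cookie_httponly is off: cookie readable by JavaScript';
    }
    if (!$bool('session.cookie_secure')) {
        $findings[] = 'session.cookie_secure is off: cookie sent over plain HTTP';
    }
    // A Secure cookie is never returned over HTTP, so the request itself
    // must be HTTPS or logins silently stop sticking.
    $https = !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
    if ($bool('session.cookie_secure') && !$https) {
        $findings[] = 'session.cookie_secure is on but this request is not HTTPS';
    }
    // Keep the session ID out of URLs (Referer leaks, logs, bookmarks).
    if ($bool('session.use_trans_sid')) {
        $findings[] = 'session.use_trans_sid is on: session ID may appear in URLs';
    }
    // Session ID strength. entropy_file/entropy_length/hash_function were
    // removed in PHP 7.1; later versions expose sid_bits_per_character.
    if (PHP_VERSION_ID < 70100) {
        if (ini_get('session.entropy_file') === ''
            || (int) ini_get('session.entropy_length') < 32) {
            $findings[] = 'session ID entropy source/length weaker than the post requires';
        }
    } elseif ((int) ini_get('session.sid_bits_per_character') < 5) {
        $findings[] = 'session.sid_bits_per_character below 5 (manual recommends 5 or 6)';
    }
    return $findings;
}

$problems = session_hardening_findings($_SERVER);
echo $problems === [] ? "session config OK\n" : implode("\n", $problems) . "\n";
```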
