Programming Forums - View Single Post

Arevos · Sep 5th, 2006, 3:19 PM

Assuming the SIDs are chosen suitably, and I don't know of any reported flaws in PHP's default session handling, then SIDs are secure. Or, at least, secure enough that they are no longer the weakest link in the chain; guessing usernames and passwords is likely far easier than guessing a pseudorandomly generated, temporary SID.

So as far as I'm aware, your code is as safe as it can be, TCStyle.

Sep 5th, 2006, 3:19 PM	#5
Arevos Programming Guru Join Date: Aug 2005 Location: England Posts: 1,499 Rep Power: 5	Assuming the SIDs are chosen suitably, and I don't know of any reported flaws in PHP's default session handling, then SIDs are secure. Or, at least, secure enough that they are no longer the weakest link in the chain; guessing usernames and passwords is likely far easier than guessing a pseudorandomly generated, temporary SID. So as far as I'm aware, your code is as safe as it can be, TCStyle.