Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP

lihaoquan
lihaoquan
12,045 Points
Posted by lihaoquan
lihaoquan
12,045 Points

PHP Session Management [Encryption?]

Hi, I'm currently working on a web app written in PHP and I have to deal with sessions in PHP. There is a login function and I plan to issue a unique session ID every time a user logs in. I know that delivering the session ID via HTTPS is important, but how do I further secure the session ID? Do I encrypt it? If I have to, is there something I can use to encrypt session ID and session datas? If theres any good ways you guys know about managing sessions, please enlighten me.

1 Answer

miguelcastro2
miguelcastro2
Courses Plus Student 6,573 Points

I would recommend implementing Cross-Site Request Forgery tokens. This could help prevent session hijacking. There is a lot of information on this in Google.

lihaoquan
lihaoquan
12,045 Points
lihaoquan
lihaoquan
12,045 Points

Ok thanks, I'll definitely look into it.