Hi all,
I've updated the session security manual page a lot.
http://php.net/manual/en/session.security.php
Some of us do not realize the importance of non-adoptive session
management and timestamp management, e.g.
https://wiki.php.net/rfc/precise_session_management
https://wiki.php.net/rfc/session-use-strict-mode
I've tried to explain why they are important and mandatory for
session security.
Comments, questions, corrections and additions are appreciated!
The current session manager is half broken. I would like to correct
the session module behavior in the near future.
Regards,
--
Yasuo Ohgaki
yohgaki@ohgaki.net